Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner nach e-mail-Anhangsöffnung, Sytem: Windows8 (https://www.trojaner-board.de/130396-trojaner-e-mail-anhangsoeffnung-sytem-windows8.html)

ad3001 31.01.2013 15:14
Trojaner nach e-mail-Anhangsöffnung, Sytem: Windows8
 
hallo,

heute morgen habe ich mir einen trojaner durch öffnen des anhangs einer angeblichen mahnung eingehandelt, der anhang wurde entpackt und geöffnet, es erschien aber kein dokument, sondern ich habe wahrscheinlich die installation des trojaners damit gestartet (ich nutze win8 auf meinem pc). da sich kein word-dokument o.ä. öffnete, wurde ich misstrauisch, habe kurz im internet recherchiert und ca. fünf min später die internetverbindung gekappt.
der bei win8 integrierte virenscanner hat nichts gefunden. (Mainboard GA-N650SLI-DS4L, Arbeitsspeicher 8 GB Ram, 64-Bit-Betriebssystem, Intel Core 2Quad CPU Q6600 @2.40GHz, Grafik: NVIDIA GeForce 8600 GT))

ich weiss nicht genau, um welchen trojaner es sich handelt, habe bereits eine e-mail an trojaner-board geschrieben. der suchlauf mit malwarebytes anti-malware ergab folgendes:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.28.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
*** :: AS [Administrator]

31.01.2013 13:07:10
MBAM-log-2013-01-31 (13-15-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229508
Laufzeit: 1 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\$Recycle.Bin\S-1-5-21-1629929417-1819531260-4265927573-1001\$RMM5845.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\{173B5-87F26C-87F66C} (Spyware.Zbot) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\lwhamieknp.pre (Trojan.Downloader.Gen) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\pywcpgluar.pre (Trojan.Downloader.Gen) -> Keine Aktion durchgeführt.

(Ende)
ausserdem habe ich bereits die von euch empfohlenen scans des systems defogger, otl und gmer durchgeführt...allerdings hat gmer meinen computer (trotz administrator-ausführung und ausführen im kompatibilitätsmodus) abstürzen lassen (fünf versuche)...

die anderen protokolle sind hier:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:47 on 31/01/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
OTL logfile created on: 31.01.2013 12:09:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,06% Memory free
16,00 Gb Paging File | 13,94 Gb Available in Paging File | 87,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 185,32 Gb Free Space | 79,58% Space Free | Partition Type: NTFS
Drive K: | 232,88 Gb Total Space | 109,04 Gb Free Space | 46,82% Space Free | Partition Type: NTFS
 
Computer Name: AS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.31 12:05:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.01.19 09:34:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.27 08:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.11 04:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 15:31:52 | 000,344,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 3E 71 D4 16 D9 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 09:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.12 10:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 09:34:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.12 10:24:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.12.08 17:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.19 09:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013.01.19 09:34:22 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.09 09:31:58 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1                                activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [lybyrxzc] C:\Users\***\Ypykfmcgavl\vlrprxzc.exe (LIGHTNING UK!)
O4 - HKCU..\Run: [Spotify] C:\Users\***\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E00D5DEF-465C-4D4F-95ED-E351B7D71BAD}: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.31 12:08:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.31 07:21:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bestelldaten Bestellung 31.01.2013
[2013.01.31 07:20:42 | 000,000,000 | ---D | C] -- C:\Users\***\Ypykfmcgavl
[2013.01.25 12:24:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.01.25 12:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.01.25 10:41:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.01.25 10:41:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2013.01.25 10:40:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.01.25 09:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013.01.19 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.13 16:27:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2013.01.13 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\***\WorkAG
[2013.01.13 16:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TranscriberAG
[2013.01.12 10:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.06 09:12:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2013.01.06 09:10:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.01.04 14:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP980 series Benutzerregistrierung
[2013.01.04 13:58:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013.01.04 13:57:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canon
[2013.01.04 13:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2013.01.04 13:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD-LabelPrint
[2013.01.04 13:08:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.01.04 13:07:59 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.01.04 13:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP980 series
[2013.01.04 13:07:30 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.01.04 12:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013.01.04 12:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.01.04 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.01.04 12:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 12:05:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.31 11:45:43 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.31 11:45:09 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.31 11:45:09 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.31 11:45:09 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.31 11:45:09 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.31 11:45:09 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.31 11:43:11 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.31 09:01:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 08:59:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.31 08:59:39 | 2576,482,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.31 07:21:07 | 000,024,821 | ---- | M] () -- C:\Users\***\Desktop\Bestelldaten Bestellung 31.01.2013.zip
[2013.01.26 16:35:18 | 000,001,012 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.26 16:16:19 | 454,467,227 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.25 15:13:42 | 005,927,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 16:34:34 | 000,000,218 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2013.01.04 12:32:08 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.31 11:45:43 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.31 11:44:27 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.31 07:21:07 | 000,024,821 | ---- | C] () -- C:\Users\***\Desktop\Bestelldaten Bestellung 31.01.2013.zip
[2013.01.28 16:40:51 | 000,000,716 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Update - Verknüpfung (2).lnk
[2013.01.26 16:35:18 | 000,001,012 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.25 09:16:46 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2013.01.25 09:13:41 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.01.20 09:27:19 | 005,927,360 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 16:34:34 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2013.01.04 14:10:09 | 000,132,362 | ---- | C] () -- C:\Windows\SysNative\Cnmnput.chm
[2013.01.04 12:32:08 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2013.01.04 12:23:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.14 17:00:16 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.12.08 22:37:16 | 000,000,310 | ---- | C] () -- C:\Windows\wininit.ini
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2008.09.11 05:43:52 | 000,005,765 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1629929417-1819531260-4265927573-1001\$R8V2GE1\de_DE\Configuration\Content\Reference\HTML\U.html
[2008.09.11 05:43:52 | 000,000,594 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1629929417-1819531260-4265927573-1001\$R8V2GE1\de_DE\Configuration\Content\Reference\JavaScript\u.html
[2012.12.15 15:19:51 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.04 14:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2013.01.25 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.01.25 12:24:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.01.31 09:00:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.01.13 16:33:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.12.12 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NexusFont
[2012.12.29 19:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RavensburgerTipToi
[2012.12.16 09:24:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2013.01.25 10:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.12.14 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.12.08 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 31.01.2013 12:09:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,06% Memory free
16,00 Gb Paging File | 13,94 Gb Available in Paging File | 87,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 185,32 Gb Free Space | 79,58% Space Free | Partition Type: NTFS
Drive K: | 232,88 Gb Total Space | 109,04 Gb Free Space | 46,82% Space Free | Partition Type: NTFS
 
Computer Name: AS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006432FB-9861-449E-AA05-0CC272C33414}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{2F3F4F97-D37F-4B66-A89F-4C465F8D21B3}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{7BD4C340-6774-417C-AD1F-9E0CC9C89E89}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{95D41892-724C-4F94-9BBB-1A15B81186EB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{9D28983B-7017-43E6-A488-4C452D83F9E1}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9483DB-BF09-4CAD-8AEB-4AA03026C05E}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{1117B0F2-D3A6-49B3-9566-86D203DDE5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{157E9755-6279-4927-98FA-A67BEF7F6C3C}" = dir=out | name=taptiles |
"{2A1900FE-E3F3-44A1-8CFC-4175EAD22921}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{2BF82E53-AB8C-4C78-B5C2-F3B0CB3480D0}" = dir=out | name=netzkino |
"{345AC0E9-DA94-4FE3-AB6F-20ADAC7D1E13}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{45505919-A85C-45F2-90DE-175AF73DD8C8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{476B0848-907E-453B-BF92-803106FCEFE1}" = dir=out | name=mahjong deluxe free |
"{4FC1C214-70BB-4A80-B7FD-284FB38AC742}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{5ECF71FF-56A1-414E-AF97-FB131861B761}" = dir=out | name=microsoft solitaire collection |
"{74F832CE-CE39-4A61-BF1B-CE1A1770E884}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F2349B-EB53-4C65-A1B2-6E8D031B01E0}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{9D86BF0C-DBE5-4A0D-9633-F67046956113}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A096F972-F0F4-41DF-B18F-DC493B9F1FF7}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{AFE96DB4-19E6-4DEE-A74A-B537384AB521}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B3F5080B-E4D1-4114-AACD-51ED951A1F9E}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{B526611F-9A1F-43A3-912B-35557F8C3596}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B9F59201-82DB-431D-A467-911792130C91}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{C08BCFC0-D9F4-433C-B067-B0221888E1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C0913514-9350-4971-86D5-72BB9A04CE23}" = dir=out | name=cookbook |
"{CF80EFBC-274B-4B04-9012-0F3617B28603}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{D23C9B00-CBE0-4A74-B678-7854E5133C6F}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{D8795ABB-D544-4533-A6D3-36D6936D8F73}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DE660B68-3316-423D-B574-9C5BCBE8A439}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E46F59C2-6412-4A2D-8622-07F8256329FA}" = dir=out | name=microsoft minesweeper |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA2FFE6D-0102-4EB6-B449-6667ADE96608}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{45E28B6B-E9D5-4938-8FCC-6ABB1248B652}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D8022F5C-6BC2-4424-A784-6551B7C8293F}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{104478AC-169C-4B4A-8534-333FBC3A5E8B}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2EE06158-C077-4070-9EB9-36867987784A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP980_series" = Canon MP980 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{290329c4-a276-3aec-b633-9f5a39d8dd96}" = Python 3.3.0 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.4.1400)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data" = Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MP980 series Benutzerregistrierung" = Canon MP980 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Ravensburger tiptoi" = Ravensburger tiptoi
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.01.2013 07:01:44 | Computer Name = as | Source = Application Hang | ID = 1002
Description = Programm Illustrator.exe, Version 14.0.128.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 544    Startzeit: 01cdf56b0b0a0a3b    Endzeit: 31    Anwendungspfad:
C:\Program Files (x86)\Adobe\Adobe Illustrator CS4\Support Files\Contents\Windows\Illustrator.exe

Berichts-ID:
 6389c63e-615e-11e2-be8a-001a4d588d74    Vollständiger Name des fehlerhaften Pakets:
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 18.01.2013 07:03:57 | Computer Name = as | Source = Application Hang | ID = 1002
Description = Programm Illustrator.exe, Version 14.0.128.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1ac    Startzeit: 01cdf56b361c2699    Endzeit: 25    Anwendungspfad:
C:\Program Files (x86)\Adobe\Adobe Illustrator CS4\Support Files\Contents\Windows\Illustrator.exe

Berichts-ID:
 baf3cf0c-615e-11e2-be8a-001a4d588d74    Vollständiger Name des fehlerhaften Pakets:
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 18.01.2013 07:38:44 | Computer Name = as | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Illustrator.exe, Version: 14.0.128.0,
 Zeitstempel: 0x48d39163  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c2a5  ID des fehlerhaften
 Prozesses: 0xd84  Startzeit der fehlerhaften Anwendung: 0x01cdf56e816b3624  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Illustrator CS4\Support
 Files\Contents\Windows\Illustrator.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung:
 9cb03814-6163-11e2-be8b-001a4d588d74  Vollständiger Name des fehlerhaften Pakets:
  Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 
Error - 25.01.2013 07:10:27 | Computer Name = as | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.9200.16384,
 Zeitstempel: 0x5010a60b  Name des fehlerhaften Moduls: MSIA132.tmp, Version: 11.0.0.0,
 Zeitstempel: 0x505fc5eb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005e9a  ID des fehlerhaften
 Prozesses: 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01cdfaec943c512c  Pfad der
 fehlerhaften Anwendung: C:\Windows\syswow64\MsiExec.exe  Pfad des fehlerhaften Moduls:
 C:\Users\***\AppData\Local\Temp\MSIA132.tmp  Berichtskennung: d2696676-66df-11e2-be94-001a4d588d74
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 29.01.2013 03:17:29 | Computer Name = as | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 29.01.2013 03:17:51 | Computer Name = as | Source = Application Hang | ID = 1002
Description = Programm Solitaire.exe, Version 1.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d30    Startzeit:
01cdfdf0a983c7ed    Endzeit: 4294967295    Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Solitaire.exe

Berichts-ID:
 f1879ea1-69e3-11e2-bea1-001a4d588d74    Vollständiger Name des fehlerhaften Pakets:
 Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe    Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App 
 
Error - 29.01.2013 03:17:51 | Computer Name = as | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App“
 ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 31.01.2013 02:21:09 | Computer Name = as | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: {ECF7-87F26C-87F66C}, Version: 0.0.0.0,
 Zeitstempel: 0x5107e555  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000096  Fehleroffset: 0x00187d94  ID des fehlerhaften
 Prozesses: 0xe40  Startzeit der fehlerhaften Anwendung: 0x01cdff7b283af30e  Pfad der
 fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{ECF7-87F26C-87F66C}
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 663d2f9b-6b6e-11e2-bea1-001a4d588d74
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 31.01.2013 02:21:09 | Computer Name = as | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm {ECF7-87F26C-87F66C} wurde wegen dieses Fehlers
 geschlossen.    Programm: {ECF7-87F26C-87F66C}  Datei:    Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und  - diese sich im Netzwerk befindet,  dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem
Server hergestellt werden kann.  - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.  Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 31.01.2013 02:41:25 | Computer Name = as | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: {173B5-87F26C-87F66C}, Version: 5.1.2600.5512,
 Zeitstempel: 0x50f83178  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000410fe  ID des fehlerhaften
 Prozesses: 0xcb0  Startzeit der fehlerhaften Anwendung: 0x01cdff7dfd831ae5  Pfad der
 fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{173B5-87F26C-87F66C}
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3b7e3359-6b71-11e2-bea1-001a4d588d74
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
[ System Events ]
Error - 28.01.2013 11:32:45 | Computer Name = as | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2013 um 15:32:52 unerwartet heruntergefahren.
 
Error - 28.01.2013 11:33:00 | Computer Name = as | Source = Win32k | ID = 253
Description =
 
Error - 28.01.2013 11:38:01 | Computer Name = as | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2013 um 16:32:45 unerwartet heruntergefahren.
 
Error - 28.01.2013 11:37:57 | Computer Name = as | Source = Win32k | ID = 253
Description =
 
Error - 28.01.2013 16:11:29 | Computer Name = as | Source = Win32k | ID = 253
Description =
 
Error - 29.01.2013 03:16:21 | Computer Name = as | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2013 um 20:52:18 unerwartet heruntergefahren.
 
Error - 29.01.2013 03:16:18 | Computer Name = as | Source = Win32k | ID = 253
Description =
 
Error - 29.01.2013 16:56:56 | Computer Name = as | Source = Win32k | ID = 253
Description =
 
Error - 31.01.2013 03:59:48 | Computer Name = as | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?01.?2013 um 08:36:26 unerwartet heruntergefahren.
 
Error - 31.01.2013 03:59:45 | Computer Name = as | Source = Win32k | ID = 253
Description =
 
 
< End of report >

in der hoffnung, dass ihr mir helfen könnt...
viele grüße
ad3001

markusg 31.01.2013 15:21
hi
du wirst wohl mit Datenverlust rechnen müssen
*** mit nutzernamen ersetzen

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [lybyrxzc] C:\Users\***\Ypykfmcgavl\vlrprxzc.exe (LIGHTNING UK!)
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

ad3001 31.01.2013 15:53
hallo markusg,

erstmal das hier

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lybyrxzc deleted successfully.
File C:\Users\***\Ypykfmcgavl\vlrprxzc.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: ***
->Flash cache emptied: 62243 bytes
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 965579218 bytes
->Temporary Internet Files folder emptied: 48472666 bytes
->FireFox cache emptied: 25941124 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34988270 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.025,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01312013_154335

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

und dann meine frage, wenn ich sowieso mit datenverlust rechnen muss, ist es nicht fast besser die festplatte zu formatieren und alles neu aufzuspielen? meine wichtigsten daten sind gesichert auf externer festplatte, die auch beim "einfangen" des trojaners nicht angeschlossen war...?

und kann ich jetzt den zip ordner, der den trojaner enthält löschen?

gruß
ad3001

hallo,

ich hab meinen fehler bemerkt und hoffe, dass es nicht noch mehr probleme macht, dass ich *** beim ersten durchlauf nicht ersetzt habe durch meinen username...
jetzt nach dem durchgang mit meinem username, erscheint dies:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lybyrxzc not found.
C:\Users\***\Ypykfmcgavl\vlrprxzc.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01312013_163655

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
gruß
ad3001

markusg 31.01.2013 18:33
hi
willst du keine Daten retten?
formatieren können wir danach.
http://www.trojaner-board.de/115551-...e-version.html
beginnend mit Shadow Explorer bitte.

ad3001 31.01.2013 20:23
hallo erneut,

soweit ich das bisher überblicke sind alle meine daten in ordnung, bilder und sämtliche andere dateien sind nicht (bisher nicht?) umbenannt worden, ich bin seit dem "Befall" aber auch nicht mehr mit dem betroffenen computer im internet gewesen. können die dateien irgendwie "versteckt" geschädigt sein?

gruß
ad3001

markusg 04.02.2013 13:30
hi
du kannst ja auf Nummer sicher gehen, daten retten formatieren und absichern.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19