| ballaballa15 | 18.05.2013 18:44 |
Gamarue.I gefunden, Explorer extrem langsam, startet manchmal gar nicht
Hallo zusammen,
ich habe schon seit längerem die Vermutung, dass ich mir einen Virus o. Ä. eingefangen
habe. Insbesondere der Explorer und der IExplorer (aber auch andere Programme) starten
extrem langsam oder auch gar nicht. Ich sehe die Prozesse dann zwar in der Prozessliste,
aber ein GUI taucht nicht auf. Ich habe vor einiger Zeit schon einmal Malwarebytes' Anti-
Malware und OTL laufen lassen, jedoch ohne Fund.
Gestern hat dann die Windows-eigene Suche den Fund von Gamarue.I gemeldet. Ich habe
mir die Zusatzinformationen dazu angesehen, aber weder den beschriebenen Eintrag in der
Registry noch eine exe in %temp% gefunden. Danach habe ich mich dann auf die Suche
im Netz begeben und hier einen Thread gefunden, der diesen Virus behandelt hat. Daraufhin
habe ich wie in dem Thread beschrieben mbar laufen lassen, was verschiedene Viren im
Mülleimer gefunden hat. Diese habe ich löschen lassen. Da ich aber sicher sein muss, dass
mein Rechner viren- und trojanerfrei ist, habe ich mich hier angemeldet und die in "Für alle
Hilfesuchenden" beschriebenen Schritte durchgeführt. Hier die Schritte und die dabei
aufgetretenen Probleme
1. defogger: keine Funde, keine Probleme
2. OTL: Es wurde nur die Datei OTL.txt erzeugt, keine Extra.txt.
3. Gmer: ich nutze Avira Antivir. Da sich der Scanner nicht abschalten ließ (und ich vorher
schon öfter solche Probleme hatte), habe ich Antivir kurzerhand deinstalliert und den
Scan nach dem Neustart durchgeführt. Beim Scan kam die folgende Meldung zweimal:
"C:\Windows\system32\config\software: Der Prozess kann nicht auf die Datei zugreifen,
da sie von einem anderen Prozess verwendet wird."
Hier nun das OTL.txt file. Das gmer.txt ist zu lang, darum hänge ich es als Datei an.
gmer.txt: Code:
OTL logfile created on: 18.05.2013 18:11:32 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\virus-trojaner
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,18 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 55,38% Memory free
6,35 Gb Paging File | 4,50 Gb Available in Paging File | 70,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 213,35 Gb Total Space | 97,41 Gb Free Space | 45,66% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 41,37 Gb Free Space | 8,88% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 3,29 Gb Free Space | 16,84% Space Free | Partition Type: NTFS
Computer Name: ELLI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\virus-trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Programme\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\0666fcb78e409ffc35556c6c659786e8\Microsoft.CSharp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\b41a70bb1c545fb8c23b7d36c9461ab4\System.Dynamic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Programme\Unlocker\UnlockerCOM.dll ()
MOD - C:\Programme\WinRar\wrar393d\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\Filzip\fzshext.dll ()
MOD - C:\Programme\WS_FTP Pro\wshosts.dll ()
MOD - C:\Programme\WS_FTP Pro\sslsvc.dll ()
MOD - C:\Programme\WS_FTP Pro\nsftpch.dll ()
========== Services (SafeList) ==========
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (zghsmdm) -- system32\DRIVERS\zghsmdm.sys File not found
DRV - (ncplelhp) -- system32\DRIVERS\ncplelhp.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (gtstusbser) -- system32\DRIVERS\gtstusbser.sys File not found
DRV - (aswMBR) -- C:\Users\***\AppData\Local\Temp\aswMBR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ghsdiagMDM) -- C:\Windows\System32\drivers\ghsdiagMDM.sys (HS Incorporated)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LTXMD_VAC) -- C:\Windows\System32\drivers\lmvac.sys (Windows (R) Win 7 DDK provider)
DRV - (VSPerfDrv100) -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (fxusbase) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (LMouFlt2) -- C:\Windows\System32\drivers\lmouflt2.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (X10UIF) -- C:\Windows\System32\drivers\x10uif.sys (X10 Wireless Technology, Inc.)
DRV - (SBKUPNT) -- C:\Windows\System32\drivers\SBKUPNT.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE D0 11 7C 17 89 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {13DD7DCF-D06B-499D-A950-1A7EC7C4CFC1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{11AB3833-F360-473B-A857-6D1A9774F867}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{13DD7DCF-D06B-499D-A950-1A7EC7C4CFC1}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{5D3A767A-5CBB-4602-9C09-E865141272C2}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{86F56D31-551E-46E1-B1BE-264FD65693E4}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{B5F0A817-9D9E-476C-943E-A19A39AA993A}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:Tabs"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.4
FF - prefs.js..extensions.enabledAddons: gwt-dev-plugin%40google.com:1.20
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.17 18:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013.01.13 21:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 01:14:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.27 00:36:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.27 00:36:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012.05.21 21:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.21 12:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ahhnnaqp.default\extensions
[2013.04.21 12:38:45 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ahhnnaqp.default\extensions\gwt-dev-plugin@google.com
[2013.04.21 12:38:45 | 000,050,424 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ahhnnaqp.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.03.08 19:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.30 01:14:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.28 19:31:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.28 19:31:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.28 19:31:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.28 19:31:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.28 19:31:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.28 19:31:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.08.27 10:10:21 | 000,001,384 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip4.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll File not found
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdmcks.dll ()
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.69.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68C9D953-1D4D-4A2B-9878-04A336D537EB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907F94BB-C780-4C92-A932-84C76D63EFDA}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A41036A5-4F13-4DC5-BCE3-EFB0C2422B3B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC5AD5F2-187D-470D-AE01-C40EB86FE059}: DhcpNameServer = 192.168.69.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65918CC-34CD-46A8-BF0C-7EC6801735AD}: DhcpNameServer = 192.168.69.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9bbe848b-c61c-11e1-94b9-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{9bbe848b-c61c-11e1-94b9-404e57434401}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.18 17:32:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\virus-trojaner
[2013.05.17 22:58:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.05.11 23:05:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cura 13.04
[2013.05.11 23:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cura_13.04
[2013.05.11 20:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\openscad-2013.01
[2013.05.09 01:30:28 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.04.20 17:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apache HTTP Server 2.2
[2013.04.20 17:18:15 | 000,000,000 | ---D | C] -- C:\Apache2.2
[2013.04.20 16:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePerl 5.16.3 Build 1603
[2013.04.20 16:52:46 | 000,000,000 | ---D | C] -- C:\Perl
[2012.01.24 00:18:27 | 000,196,608 | ---- | C] (Ingenieurbüro ***) -- C:\Program Files\Web.de EmailChecker.exe
[2011.08.27 10:56:43 | 000,810,952 | ---- | C] (Charles DeWeese) -- C:\Program Files\FlashSfv.exe
[2011.02.14 23:42:19 | 000,036,864 | ---- | C] (Ingenieurbüro ***) -- C:\Program Files\SmartRename.exe
[2011.02.06 01:56:40 | 000,056,832 | ---- | C] (Ingenieurbüro ***) -- C:\Program Files\Backup.exe
[2010.11.23 23:29:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.18 17:39:40 | 000,002,220 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.05.18 17:35:56 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.18 17:30:56 | 000,001,090 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.18 17:30:43 | 000,002,083 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.05.18 17:21:17 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 13:50:56 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2013.05.18 12:20:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 22:53:08 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 22:53:08 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 22:45:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 22:43:32 | 003,660,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 22:41:43 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 14:38:56 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013.05.12 11:35:37 | 000,998,808 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.12 11:35:37 | 000,247,572 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 23:00:36 | 000,033,543 | ---- | M] () -- C:\Users\***\_viminfo
[2013.05.09 01:30:00 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.02 07:34:17 | 000,144,102 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.02 07:34:17 | 000,004,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.18 17:35:56 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.18 17:30:43 | 000,002,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.05.17 14:38:56 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013.05.13 00:15:23 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.05.11 20:31:53 | 000,001,486 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Openscad.lnk
[2013.04.20 17:21:53 | 000,001,047 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Server httpd.lnk
[2013.04.08 22:51:20 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2013.02.25 17:29:50 | 000,034,813 | ---- | C] () -- C:\Users\***\logo.jpg
[2013.01.08 18:53:37 | 000,119,000 | ---- | C] () -- C:\Users\***\AGBs.pdf
[2013.01.04 00:17:56 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2012.12.31 18:56:21 | 000,018,392 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2012.12.19 23:01:00 | 000,000,363 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs
[2012.12.01 03:49:00 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2012.12.01 01:33:32 | 000,053,248 | ---- | C] () -- C:\Program Files\MD5 SHA-1 SHA1 Checksum Utility.exe
[2012.08.23 00:38:57 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2012.08.14 02:40:31 | 000,000,051 | ---- | C] () -- C:\ProgramData\qltkbwxxljuvzhe
[2012.07.05 00:03:36 | 000,000,962 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2012.05.30 23:03:07 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Encrypt.dll
[2012.05.30 23:03:07 | 000,000,112 | ---- | C] () -- C:\Windows\System32\BASE_Lutea_Froyo_Upgrade_Tool_V1.2.ini
[2012.05.30 23:02:08 | 000,000,022 | ---- | C] () -- C:\Windows\sysdt.dll
[2012.01.24 00:17:04 | 000,139,264 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2012.01.24 00:17:04 | 000,024,576 | ---- | C] () -- C:\Program Files\ExceptionLogger.dll
[2012.01.24 00:17:03 | 008,007,680 | ---- | C] ( ) -- C:\Program Files\Microsoft.mshtml.dll
[2012.01.22 00:21:31 | 000,101,716 | ---- | C] () -- C:\Program Files\md5.exe
[2012.01.10 23:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 23:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 23:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 22:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.12.06 03:31:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.09.08 23:24:22 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.09.02 00:20:11 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.15 22:51:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.08.09 23:19:32 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.06.30 14:16:17 | 000,002,422 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.06.29 23:52:33 | 000,151,040 | ---- | C] () -- C:\Program Files\hexedit.exe
[2011.06.18 10:21:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.17 14:02:36 | 000,000,008 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.03.13 16:13:15 | 000,000,012 | ---- | C] () -- C:\Program Files\Graphiktreiber wiederherstellen.bat
[2011.02.14 23:42:19 | 000,013,182 | ---- | C] () -- C:\Program Files\SmartRename Help.chm
[2011.02.03 23:52:25 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.30 11:14:15 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.01.22 22:08:58 | 000,081,555 | ---- | C] () -- C:\Program Files\Graphiktreiber wiederherstellen.exe
[2011.01.15 01:31:30 | 000,038,415 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel.ADR
[2011.01.15 01:25:11 | 000,038,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2010.12.19 15:21:38 | 000,005,896 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.11.23 23:29:53 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2010.11.23 23:29:53 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2010.11.21 16:42:17 | 000,033,543 | ---- | C] () -- C:\Users\***\_viminfo
[2009.07.13 22:41:01 | 000,001,331 | ---- | C] () -- C:\Program Files\URL Decoder - Encoder.html
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.12.24 00:21:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2011.04.27 19:53:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2011.08.15 23:19:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.01.29 14:10:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2011.08.27 12:51:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.08.15 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.10 23:17:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.11.26 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eumex 5520PC
[2011.12.09 21:19:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2013.03.24 13:25:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.06.17 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2011.06.05 19:16:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.02.03 23:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.01.15 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2011.08.15 23:19:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2013.03.22 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2012.08.19 18:03:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IcoFX
[2012.06.10 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.11.28 23:32:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2011.01.10 21:55:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes
[2012.04.06 18:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.09.23 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mael
[2011.01.10 21:55:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master
[2011.01.15 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.09.25 13:49:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2013.04.28 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011.01.02 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.12.31 18:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2013.04.11 10:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2012.12.06 01:59:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SciLor
[2011.01.29 01:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2012.06.09 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.05 00:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2012.07.05 00:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TGCMLog
[2012.05.21 21:03:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.11.28 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.07.19 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Transcend Elite
[2011.09.07 23:48:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2012.05.04 23:58:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\X10Receiver.NET
[2013.04.11 10:57:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xumiuq
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C39E55C5
< End of report >
Vielen Dank im Voraus!
A. |
