Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Weißer Bildschirm (https://www.trojaner-board.de/131175-weisser-bildschirm.html)

basti2551 17.02.2013 16:26

White screen
 
Hello,
I started the PC today and suddenly there was a BKA virus.
After a restart, only a white screen is shown after logging in.

What is strange: there are two user accounts on the PC (Windows 7); with one I get the
white screen, and with the other I can log in normally.

Can you help me get rid of the virus?

Kind regards

basti2551

markusg 17.02.2013 17:27

Hi,
Create an OTLPE CD on a clean second computer and then boot the infected computer from that CD:

If you do not have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.

Download OTLpe (OTLPENet.exe) from OldTimer and save it to your desktop. Note: the file is about 120 MB, so on a slow internet connection the download will take a while.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When burning is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD

Illustrated guide: OTLpe scan
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: so that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the hard disk; selecting just C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

basti2551 17.02.2013 18:08

Unfortunately I have no CD at home; is there an alternative?
Otherwise I will have to buy one tomorrow.

markusg 17.02.2013 18:14

There is, but with a CD it usually works better.
But give it a try:
Let's create a bootable USB stick for OTLPE

Important:
The USB stick must have at least 512 MB. If necessary, back up all files on the USB stick; they will no longer be there after the following steps.
Download eeepcfr.zip and extract it to the system root (usually C:\).
  • Empty the USB stick on which you want to create OTLPE.
  • Navigate to C:\eeepcfr and start usb_prep8.cmd.
  • Press any key in the DOS window.
  • Now make sure that the correct drive letter of your USB stick is at the top.
    For Drive Label: enter OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the previously created OTLPE folder.
    Tick Enable File Copy.
  • Click Start and accept the terms of use.
Now you can start your system from the USB stick!

Now boot from the OTLPE USB stick.
Note: How do I boot from CD (simply select the USB device instead of a CD)
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

basti2551 17.02.2013 18:50

So I have now extracted the file and got three files, including the
ISO, but when I want to select the folder in the program I cannot click OK. I tried it as described.

markusg 17.02.2013 18:51

Hi,
then tomorrow with the CD.

basti2551 18.02.2013 19:08

Unfortunately I did not find time today; I will buy one tomorrow.

markusg 18.02.2013 19:10

You do not have to sign off, unless it is going to take a few weeks :-)

basti2551 21.02.2013 13:20

Here is the log file:

Code:

OTL logfile created on: 2/21/2013 1:09:35 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 100.00 Mb Total Space | 75.40 Mb Free Space | 75.41% Space Free | Partition Type: NTFS
Drive G: | 890.41 Gb Total Space | 740.06 Gb Free Space | 83.11% Space Free | Partition Type: NTFS
Drive H: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.83% Space Free | Partition Type: NTFS
Drive I: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/12/14 10:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 10:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- G:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/10 11:38:35 | 009,011,200 | ---- | M] () [Auto] -- G:\Program Files\Freemium\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012/09/20 07:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/07/01 09:41:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/14 06:35:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/03 03:20:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/24 08:36:59 | 001,960,744 | ---- | M] (TeamViewer GmbH) [Auto] -- G:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/27 11:59:30 | 000,176,128 | ---- | M] (AMD) [Auto] -- G:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- G:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 04:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- G:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/12/14 10:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- G:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/01 09:41:00 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 09:41:00 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- G:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/27 12:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/05/27 11:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/22 08:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={D36284D0-04C8-11E2-8745-6C626D5FB596}
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - G:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\anna_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\anna_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\anna_ON_G\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\anna_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\anna_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110823&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=5ef7949100000000000074f06d540d9b
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=5ef7949100000000000074f06d540d9b
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Maria_ON_G\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Maria_ON_G\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - G:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\Maria_ON_G\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\Maria_ON_G\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\Maria_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Maria_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: G:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: G:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: G:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/10/12 01:53:54 | 000,000,000 | ---D | M]
 
[2012/09/22 09:45:02 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions
[2011/08/09 15:02:10 | 000,002,047 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - G:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - G:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\anna_ON_G\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - G:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\anna_ON_G\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Maria_ON_G\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - G:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Maria_ON_G\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - G:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] G:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] G:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] G:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] G:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\Maria_ON_G..\Run: [IExplorer Util] G:\Users\Maria\AppData\Roaming\ie_util.exe ()
O4 - HKU\Maria_ON_G..\Run: [Koyxagp] G:\Users\Maria\AppData\Roaming\Leesmi\yqapy.exe ()
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: G:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: G:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - G:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - G:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - G:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - G:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - G:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Maria_ON_G Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Maria_ON_G Winlogon: Shell - (C:\Users\Maria\AppData\Roaming\skype.dat) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b680ef25-8472-11e0-b346-6c626d5fb596}\Shell - "" = AutoRun
O33 - MountPoints2\{b680ef25-8472-11e0-b346-6c626d5fb596}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/17 14:19:25 | 005,156,352 | ---- | C] (Geza Kovacs) -- G:\Users\Maria\Desktop\unetbootin-windows-583.exe
[2013/02/17 14:13:28 | 001,150,912 | ---- | C] (pendrivelinux.com) -- G:\Users\Maria\Desktop\Universal-USB-Installer-1.9.2.4.exe
[2013/02/17 13:59:47 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BootDisk2BootStick
[2013/02/17 13:59:47 | 000,000,000 | ---D | C] -- G:\Program Files\BootDisk2BootStick
[2013/02/17 13:43:24 | 003,933,400 | ---- | C] (Hewlett-Packard Company                                    ) -- G:\Users\Maria\Desktop\sp42741.exe
[2013/02/17 13:42:48 | 000,000,000 | ---D | C] -- G:\SWSetup
[2013/02/17 12:54:33 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
[2013/02/17 12:54:33 | 000,000,000 | ---D | C] -- G:\Program Files\ISO to USB
[2013/02/17 12:44:35 | 000,000,000 | ---D | C] -- G:\OTLPE
[2013/02/17 12:32:19 | 000,000,000 | ---D | C] -- G:\Users\Maria\Desktop\löschen
[2013/02/17 12:28:48 | 000,000,000 | ---D | C] -- G:\eeepcfr
[2013/02/17 12:28:37 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/17 12:28:37 | 000,000,000 | ---D | C] -- G:\Program Files\7-Zip
[2013/02/17 11:23:59 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Avira
[2013/02/17 11:16:23 | 000,000,000 | ---D | C] -- G:\Users\anna\AppData\Roaming\Malwarebytes
[2013/02/17 10:08:09 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Malwarebytes
[2013/02/17 10:08:01 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/17 10:08:00 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes
[2013/02/17 10:07:59 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2013/02/17 10:07:59 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware
[2013/02/17 10:07:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- G:\Users\anna\Downloads\Desktop\OTL.exe
[2013/02/17 10:07:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- G:\Users\anna\Downloads\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/17 10:07:34 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Local\Programs
[2013/02/14 13:31:46 | 002,345,984 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32k.sys
[2013/02/14 13:31:35 | 000,627,200 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msfeeds.dll
[2013/02/14 13:31:34 | 000,064,512 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msfeedsbs.dll
[2013/02/14 13:31:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mstime.dll
[2013/02/14 13:31:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\html.iec
[2013/02/14 13:31:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iedkcs32.dll
[2013/02/14 13:31:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iepeers.dll
[2013/02/14 13:31:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2013/02/14 13:31:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\url.dll
[2013/02/14 13:31:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jsproxy.dll
[2013/02/14 13:31:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\licmgr10.dll
[2013/02/14 13:31:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msfeedssync.exe
[2013/02/14 13:31:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mshtml.tlb
[2013/02/14 13:31:23 | 000,187,240 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/14 13:31:03 | 003,957,608 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntkrnlpa.exe
[2013/02/14 13:31:02 | 003,902,312 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntoskrnl.exe
[2013/02/14 13:30:54 | 000,271,360 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\conhost.exe
[2013/02/14 13:30:54 | 000,169,984 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\winsrv.dll
[2013/02/14 13:30:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/14 13:30:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/02/14 13:30:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/14 13:30:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/14 13:30:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/02/14 13:30:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/02/14 13:30:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/14 13:30:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/02/14 13:30:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/14 13:30:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/02/14 13:30:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/14 13:30:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/02/14 13:30:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/14 13:30:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/02/14 13:30:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/02/14 13:30:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- G:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Tecu
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Tarok
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Leesmi
[2013/02/13 05:56:29 | 000,000,000 | ---D | C] -- G:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/02/13 05:55:46 | 000,000,000 | ---D | C] -- G:\Users\anna\AppData\Roaming\Dropbox
[1 G:\Users\Maria\Documents\*.tmp files -> G:\Users\Maria\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/17 14:52:53 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013/02/17 14:03:57 | 000,010,096 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 14:03:57 | 000,010,096 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 14:01:10 | 000,001,096 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/17 13:59:47 | 000,001,115 | ---- | M] () -- G:\Users\Maria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BootDisk2BootStick.lnk
[2013/02/17 13:59:47 | 000,001,091 | ---- | M] () -- G:\Users\Maria\Desktop\BootDisk2BootStick.lnk
[2013/02/17 13:57:47 | 000,001,092 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/17 13:56:26 | 2415,321,088 | -HS- | M] () -- G:\hiberfil.sys
[2013/02/17 13:15:32 | 003,933,400 | ---- | M] (Hewlett-Packard Company                                    ) -- G:\Users\Maria\Desktop\sp42741.exe
[2013/02/17 12:54:33 | 000,000,923 | ---- | M] () -- G:\Users\Public\Desktop\ISO to USB.lnk
[2013/02/17 12:54:33 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
[2013/02/17 12:28:38 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/17 10:11:54 | 000,001,067 | ---- | M] () -- G:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 10:11:54 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/17 10:05:51 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- G:\Users\anna\Downloads\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/17 09:56:37 | 000,693,478 | ---- | M] () -- G:\Windows\System32\perfh00A.dat
[2013/02/17 09:56:37 | 000,689,750 | ---- | M] () -- G:\Windows\System32\perfh015.dat
[2013/02/17 09:56:37 | 000,679,366 | ---- | M] () -- G:\Windows\System32\prfh0816.dat
[2013/02/17 09:56:37 | 000,654,150 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013/02/17 09:56:37 | 000,632,204 | ---- | M] () -- G:\Windows\System32\perfh00E.dat
[2013/02/17 09:56:37 | 000,616,032 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013/02/17 09:56:37 | 000,610,226 | ---- | M] () -- G:\Windows\System32\perfh01F.dat
[2013/02/17 09:56:37 | 000,148,334 | ---- | M] () -- G:\Windows\System32\perfc00E.dat
[2013/02/17 09:56:37 | 000,137,086 | ---- | M] () -- G:\Windows\System32\perfc00A.dat
[2013/02/17 09:56:37 | 000,134,864 | ---- | M] () -- G:\Windows\System32\perfc015.dat
[2013/02/17 09:56:37 | 000,133,776 | ---- | M] () -- G:\Windows\System32\prfc0816.dat
[2013/02/17 09:56:37 | 000,130,022 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013/02/17 09:56:37 | 000,121,550 | ---- | M] () -- G:\Windows\System32\perfc01F.dat
[2013/02/17 09:56:37 | 000,106,412 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013/02/17 09:52:27 | 000,000,004 | ---- | M] () -- G:\Users\Maria\AppData\Roaming\skype.ini
[2013/02/17 09:37:55 | 000,421,152 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2013/02/14 13:27:37 | 000,062,976 | ---- | M] () -- G:\Users\Maria\AppData\Roaming\ie_util.exe
[2013/02/13 05:58:38 | 000,001,047 | ---- | M] () -- G:\Users\anna\Downloads\Desktop\Dropbox.lnk
[2013/02/13 05:56:39 | 000,001,051 | ---- | M] () -- G:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/10 05:41:08 | 001,150,912 | ---- | M] (pendrivelinux.com) -- G:\Users\Maria\Desktop\Universal-USB-Installer-1.9.2.4.exe
[1 G:\Users\Maria\Documents\*.tmp files -> G:\Users\Maria\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/17 13:59:47 | 000,001,115 | ---- | C] () -- G:\Users\Maria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BootDisk2BootStick.lnk
[2013/02/17 13:59:47 | 000,001,091 | ---- | C] () -- G:\Users\Maria\Desktop\BootDisk2BootStick.lnk
[2013/02/17 13:59:40 | 000,100,268 | ---- | C] () -- G:\Users\Maria\Desktop\BootDisk2BootStick v0.12.exe
[2013/02/17 12:54:33 | 000,000,923 | ---- | C] () -- G:\Users\Public\Desktop\ISO to USB.lnk
[2013/02/17 10:08:01 | 000,001,067 | ---- | C] () -- G:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/14 13:32:17 | 000,000,004 | ---- | C] () -- G:\Users\Maria\AppData\Roaming\skype.ini
[2013/02/14 13:27:37 | 000,062,976 | ---- | C] () -- G:\Users\Maria\AppData\Roaming\ie_util.exe
[2013/02/13 05:58:38 | 000,001,047 | ---- | C] () -- G:\Users\anna\Downloads\Desktop\Dropbox.lnk
[2013/02/13 05:56:39 | 000,001,051 | ---- | C] () -- G:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/25 06:54:58 | 000,000,182 | ---- | C] () -- G:\Windows\System32\EBPPORT4.DAT
[2011/05/25 06:54:40 | 000,000,025 | ---- | C] () -- G:\Windows\CDEC84Euro.ini
[2011/02/02 13:01:08 | 000,004,608 | ---- | C] () -- G:\Users\anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 15:17:34 | 000,913,739 | ---- | C] () -- G:\Users\Maria\AppData\Roaming\mdbu.bin
[2010/11/15 14:07:47 | 000,098,281 | ---- | C] () -- G:\Users\anna\AppData\Roaming\mdbu.bin
[2010/07/01 17:01:53 | 000,000,000 | ---- | C] () -- G:\Windows\ativpsrm.bin
[2010/06/29 08:53:52 | 000,073,728 | ---- | C] () -- G:\Windows\System32\RtNicProp32.dll
[2010/05/12 09:05:55 | 000,610,226 | ---- | C] () -- G:\Windows\System32\perfh01F.dat
[2010/05/12 09:05:55 | 000,285,034 | ---- | C] () -- G:\Windows\System32\perfi01F.dat
[2010/05/12 09:05:55 | 000,121,550 | ---- | C] () -- G:\Windows\System32\perfc01F.dat
[2010/05/12 09:05:55 | 000,037,160 | ---- | C] () -- G:\Windows\System32\perfd01F.dat
[2010/05/12 08:57:07 | 000,679,366 | ---- | C] () -- G:\Windows\System32\prfh0816.dat
[2010/05/12 08:57:07 | 000,336,656 | ---- | C] () -- G:\Windows\System32\prfi0816.dat
[2010/05/12 08:57:07 | 000,133,776 | ---- | C] () -- G:\Windows\System32\prfc0816.dat
[2010/05/12 08:57:07 | 000,040,548 | ---- | C] () -- G:\Windows\System32\prfd0816.dat
[2010/05/12 08:51:56 | 000,689,750 | ---- | C] () -- G:\Windows\System32\perfh015.dat
[2010/05/12 08:51:56 | 000,337,158 | ---- | C] () -- G:\Windows\System32\perfi015.dat
[2010/05/12 08:51:56 | 000,134,864 | ---- | C] () -- G:\Windows\System32\perfc015.dat
[2010/05/12 08:51:56 | 000,038,710 | ---- | C] () -- G:\Windows\System32\perfd015.dat
[2010/05/12 08:36:45 | 000,632,204 | ---- | C] () -- G:\Windows\System32\perfh00E.dat
[2010/05/12 08:36:45 | 000,287,518 | ---- | C] () -- G:\Windows\System32\perfi00E.dat
[2010/05/12 08:36:45 | 000,148,334 | ---- | C] () -- G:\Windows\System32\perfc00E.dat
[2010/05/12 08:36:45 | 000,048,094 | ---- | C] () -- G:\Windows\System32\perfd00E.dat
[2010/05/12 08:27:05 | 000,693,478 | ---- | C] () -- G:\Windows\System32\perfh00A.dat
[2010/05/12 08:27:05 | 000,341,432 | ---- | C] () -- G:\Windows\System32\perfi00A.dat
[2010/05/12 08:27:05 | 000,137,086 | ---- | C] () -- G:\Windows\System32\perfc00A.dat
[2010/05/12 08:27:05 | 000,041,390 | ---- | C] () -- G:\Windows\System32\perfd00A.dat
[2010/05/12 08:13:56 | 000,654,150 | ---- | C] () -- G:\Windows\System32\perfh007.dat
[2010/05/12 08:13:56 | 000,295,922 | ---- | C] () -- G:\Windows\System32\perfi007.dat
[2010/05/12 08:13:56 | 000,130,022 | ---- | C] () -- G:\Windows\System32\perfc007.dat
[2010/05/12 08:13:56 | 000,038,104 | ---- | C] () -- G:\Windows\System32\perfd007.dat
[2010/04/29 10:37:26 | 000,002,137 | ---- | C] () -- G:\Windows\System32\atipblag.dat
[2010/04/06 12:54:32 | 000,203,336 | ---- | C] () -- G:\Windows\System32\atiicdxx.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,421,152 | ---- | C] () -- G:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,616,032 | ---- | C] () -- G:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- G:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,412 | ---- | C] () -- G:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- G:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- G:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- G:\Windows\System32\dssec.dat
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- G:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- G:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,982,196 | ---- | C] () -- G:\Windows\System32\igkrng500.bin
[2009/07/13 17:09:19 | 000,417,344 | ---- | C] () -- G:\Windows\System32\igcompkrng500.bin
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- G:\Windows\System32\igfcg500.bin
[2009/07/13 17:09:19 | 000,097,448 | ---- | C] () -- G:\Windows\System32\igfcg500m.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\System32\mlang.dat
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- G:\Windows\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- G:\Windows\System32\ATIODCLI.exe
[2007/04/27 02:43:58 | 000,120,200 | ---- | C] () -- G:\Windows\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2012/09/22 09:44:53 | 000,000,000 | ---D | M] -- G:\ProgramData\Babylon
[2012/10/12 01:53:52 | 000,000,000 | ---D | M] -- G:\ProgramData\Browser Manager
[2010/10/03 02:24:57 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonBJ
[2011/01/21 12:53:55 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJScan
[2012/09/22 10:20:41 | 000,000,000 | -H-D | M] -- G:\ProgramData\Common Files
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2010/11/15 13:46:26 | 000,000,000 | ---D | M] -- G:\ProgramData\HappyFoto-Designer
[2012/06/09 09:29:39 | 000,000,000 | ---D | M] -- G:\ProgramData\MAGIX
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2012/09/22 10:19:10 | 000,000,000 | ---D | M] -- G:\ProgramData\SweetIM
[2012/09/22 10:19:17 | 000,000,000 | ---D | M] -- G:\ProgramData\Tarma Installer
[2010/06/30 05:05:34 | 000,000,000 | ---D | M] -- G:\ProgramData\Temp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2012/12/06 14:23:44 | 000,000,000 | ---D | M] -- G:\ProgramData\tmp
[2012/09/22 10:20:51 | 000,000,000 | ---D | M] -- G:\ProgramData\TuneUp Software
[2010/10/13 08:07:24 | 000,000,000 | ---D | M] -- G:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/09/22 10:20:41 | 000,000,000 | -HSD | M] -- G:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/09 04:40:07 | 000,032,632 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/11/29 11:54:10 | 000,000,000 | -HSD | M] -- G:\$RECYCLE.BIN
[2010/07/01 16:54:47 | 000,000,000 | ---D | M] -- G:\ATI
[2011/03/06 09:59:59 | 000,000,000 | ---D | M] -- G:\COMTEST_V650
[2010/10/02 09:26:24 | 000,000,000 | -HSD | M] -- G:\Documents and Settings
[2013/02/17 12:28:49 | 000,000,000 | ---D | M] -- G:\eeepcfr
[2010/10/02 13:02:33 | 000,000,000 | RH-D | M] -- G:\MSOCache
[2013/02/17 12:46:03 | 000,000,000 | ---D | M] -- G:\OTLPE
[2013/02/17 13:59:47 | 000,000,000 | R--D | M] -- G:\Program Files
[2013/02/17 10:08:00 | 000,000,000 | -H-D | M] -- G:\ProgramData
[2010/10/02 09:26:24 | 000,000,000 | -HSD | M] -- G:\Recovery
[2013/02/17 13:42:48 | 000,000,000 | ---D | M] -- G:\SWSetup
[2013/02/17 10:52:59 | 000,000,000 | -HSD | M] -- G:\System Volume Information
[2010/10/02 12:47:55 | 000,000,000 | R--D | M] -- G:\Users
[2013/02/17 10:24:20 | 000,000,000 | ---D | M] -- G:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007/11/14 12:44:42 | 000,129,552 | ---- | M] (Promise Technology, Inc.) MD5=58CB1FA96B24DFE2196548E959B1996B -- G:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2009/10/26 12:41:10 | 000,189,496 | ---- | M] (Advanced Micro Devices, Inc) MD5=6C27F0A964EA98F457CAAB9A47030538 -- G:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/03 21:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- G:\Windows\System32\drivers\iaStor.sys
[2010/03/03 21:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- G:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- G:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011/03/11 00:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- G:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- G:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- G:\Windows\System32\drivers\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 00:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- G:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- G:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- G:\Windows\System32\user32.dll
[2009/07/13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- G:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- G:\Windows\System32\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/12/14 10:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- G:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- G:\Windows\System32\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- G:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- G:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/12/21 00:34:12 | 000,080,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\davclnt.dll
[2009/07/13 20:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\drprov.dll
[2009/07/13 20:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\EhStorShell.dll
[2009/07/13 20:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\fontext.dll
[2009/07/13 20:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\ntlanman.dll
[2012/01/04 04:03:07 | 000,442,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\ntshrui.dll
[2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 68 bytes -> G:\Users\Maria\Documents\spider.sav:KAVICHS
@Alternate Data Stream - 20 bytes -> G:\Users\anna\Downloads\Desktop\OTL.exe:Mac_Metadata
@Alternate Data Stream - 20 bytes -> G:\Users\anna\Downloads\Desktop\mbam-setup-1.70.0.1100.exe:Mac_Metadata
@Alternate Data Stream - 20 bytes -> G:\eeepcfr:Mac_Metadata
< End of report >
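
Added example (not part of the original post and not OTL's own code): the "< MD5 for: ... >" sections above exist so that a helper can spot a patched system binary by comparing the copy Windows actually runs (System32, System32\drivers or \Windows itself) against the servicing copies kept in winsxs and DriverStore. The script below automates that comparison over a few lines of this format. The EXPLORER.EXE and WINLOGON.EXE lines are taken from the log above; the USERINIT.EXE section is constructed (zero hash, no company name) to show what a tampered live copy would look like, and the rule "a live copy is suspect when its hash matches no servicing copy" is this example's own heuristic, not a verdict OTL itself reports.

```python
import re
from collections import defaultdict

# Constructed sample input: three "< MD5 for: ... >" sections. The EXPLORER.EXE
# and WINLOGON.EXE lines are copied from the log above; the USERINIT.EXE section
# is invented (zero hash, empty company) to simulate a patched live copy.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: WINLOGON.EXE  >
[2012/12/14 10:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- G:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- G:\Windows\System32\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

< MD5 for: USERINIT.EXE  >
[2013/02/14 13:27:37 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- G:\Windows\System32\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
"""

SECTION = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>")
ENTRY = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
REFERENCE_DIR = re.compile(r"\\(winsxs|driverstore)\\", re.I)  # servicing copies, not executed directly
WINDOWS_DIR = re.compile(r"\\windows\\", re.I)                 # anything else under the Windows tree is live


def parse_md5_sections(text):
    """Group every hash line under its '< MD5 for: NAME >' header: {NAME: [(path, md5, company)]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1).upper()
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            sections[current].append(
                (m.group("path").strip(), m.group("md5").upper(), m.group("company").strip())
            )
    return dict(sections)


def check_live_copies(sections):
    """Compare each live copy (System32, drivers, the Windows directory) against the
    hashes of the servicing copies in winsxs / DriverStore.
    Returns {NAME: [(live_path, 'ok' | 'SUSPECT')]}; third-party files that merely
    share the name (e.g. the Malwarebytes Chameleon winlogon.exe) are skipped."""
    report = {}
    for name, entries in sections.items():
        reference = {md5 for path, md5, _ in entries if REFERENCE_DIR.search(path)}
        verdicts = []
        for path, md5, company in entries:
            if REFERENCE_DIR.search(path) or not WINDOWS_DIR.search(path):
                continue
            verdict = "ok" if (md5 in reference and company) else "SUSPECT"
            verdicts.append((path, verdict))
        report[name] = verdicts
    return report


def suspects(report):
    """Names of binaries whose live copy matched no servicing copy."""
    return sorted(name for name, verdicts in report.items()
                  if any(v == "SUSPECT" for _, v in verdicts))


if __name__ == "__main__":
    rep = check_live_copies(parse_md5_sections(SAMPLE_LOG))
    for name, verdicts in rep.items():
        for path, verdict in verdicts:
            print(f"{verdict:8} {name:14} {path}")
    print("suspects:", suspects(rep))
```

In the real log every live copy matches a servicing copy, so the only hit is the constructed USERINIT.EXE entry. The check only catches a replaced file on disk; it says nothing about in-memory patching, and it is blind if the winsxs copy was replaced as well, which is why the hash is normally also compared against a known-good copy from another machine.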


markusg 21.02.2013 14:47

Hi,
on your second PC go to Start, Programs, Accessories, Notepad (Editor), and paste
the following there:
Code:

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\Maria_ON_G..\Run: [Koyxagp] G:\Users\Maria\AppData\Roaming\Leesmi\yqapy.exe ()
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20 - HKU\Maria_ON_G Winlogon: Shell - (C:\Users\Maria\AppData\Roaming\skype.dat) -  File not found
[2013/02/17 09:52:27 | 000,000,004 | ---- | M] () -- G:\Users\Maria\AppData\Roaming\skype.ini
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Tecu
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Tarok
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Leesmi
:Files
G:\Users\Maria\AppData\Roaming\Leesmi
:Commands
[EMPTYFLASH]
[emptytemp]



Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt,
please post the log.

Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment
in the thread!

Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance :)
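
Added example, not part of markusg's post and not OTL code: the two O20 lines and the O4 line in the fix above are the persistence that matters here. A per-user Winlogon\Shell value pointing at skype.dat in Maria's profile explains why only that account shows the white screen (the shell replacement sits under HKU, not HKLM), the Run entry starts an executable without a company name from AppData\Roaming\Leesmi, and AppInit_DLLs loads a DLL into every process that uses user32.dll. The script below applies those three rules to OTL fix lines. Maria's O4/O20 lines are copied from the fix; the Dropbox Run entry and the HKLM Shell line are constructed so that the rules have a benign case to pass, and the registry paths returned by where_to_check are the standard Windows locations these OTL sections correspond to (the hive name is kept exactly as OTL prints it).

```python
import re

# Constructed sample input: Maria's O4/O20 lines are copied from the fix above;
# the Dropbox Run entry and the HKLM Shell line are invented benign cases.
SAMPLE_FIX = r"""
O4 - HKU\Maria_ON_G..\Run: [Koyxagp] G:\Users\Maria\AppData\Roaming\Leesmi\yqapy.exe ()
O4 - HKU\anna_ON_G..\Run: [Dropbox] G:\Users\anna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20 - HKU\Maria_ON_G Winlogon: Shell - (C:\Users\Maria\AppData\Roaming\skype.dat) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
"""

RUN_LINE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
SHELL_LINE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>[^)]*)\) -\s*(?P<status>.*)$")
APPINIT_LINE = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) -\s*(?P<status>.*)$")

# Registry locations behind each OTL section (standard Windows paths, hive as OTL prints it).
REG_PATH = {
    "Winlogon Shell": r"{hive}\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    "AppInit_DLLs": r"{hive}\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
    "Run": r"{hive}\Software\Microsoft\Windows\CurrentVersion\Run",
}


def triage(text):
    """Apply three autostart rules to OTL O4/O20 lines.
    Returns a list of (kind, hive, target, reason) tuples for the lines that fail."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = SHELL_LINE.match(line)
        if m:
            value = m.group("value").strip()
            if value.lower() != "explorer.exe":           # desktop shell replaced
                per_user = m.group("hive").upper().startswith("HKU\\")
                scope = "this account only" if per_user else "every account"
                findings.append(("Winlogon Shell", m.group("hive"), value,
                                 f"shell is not explorer.exe; replaces the desktop for {scope}"))
            continue
        m = APPINIT_LINE.match(line)
        if m:
            value = m.group("value").strip()
            if value:                                     # any AppInit DLL is worth a look
                findings.append(("AppInit_DLLs", "HKLM", value,
                                 "DLL loaded into every process that uses user32.dll"))
            continue
        m = RUN_LINE.match(line)
        if m:
            path, company = m.group("path"), m.group("company").strip()
            if not company:                               # no publisher: Dropbox passes, yqapy.exe does not
                where = "user profile" if "\\appdata\\" in path.lower() else "system location"
                findings.append(("Run", m.group("hive"), path,
                                 f"autostart [{m.group('name')}] has no company name and lives in the {where}"))
    return findings


def affected_users(findings):
    """Per-user hives whose shell was replaced: the accounts that show the lock screen."""
    return sorted({hive for kind, hive, _, _ in findings
                   if kind == "Winlogon Shell" and hive.upper().startswith("HKU\\")})


def where_to_check(finding):
    """Registry key/value to inspect for a finding (for Run, the key; the value name is the [name])."""
    kind, hive = finding[0], finding[1]
    return REG_PATH[kind].format(hive=hive)


if __name__ == "__main__":
    for f in triage(SAMPLE_FIX):
        print(f"{f[0]:14} {f[2]}\n    {f[3]}\n    check: {where_to_check(f)}")
    print("accounts with replaced shell:", affected_users(triage(SAMPLE_FIX)))
```

The O4 rule deliberately passes Dropbox, which also lives under AppData but carries a publisher name; a "Winlogon Shell" finding with an HKU hive is the first place to look whenever only one account on a machine is affected, as in this thread.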

basti2551 22.02.2013 08:44

Thanks, it's gone now.

Here is the logfile

Code:

Error: Unable to interpret <:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\Maria_ON_G..\Run: [Koyxagp] G:\Users\Maria\AppData\Roaming\Leesmi\yqapy.exe ()
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20 - HKU\Maria_ON_G Winlogon: Shell - (C:\Users\Maria\AppData\Roaming\skype.dat) -  File not found
[2013/02/17 09:52:27 | 000,000,004 | ---- | M] () -- G:\Users\Maria\AppData\Roaming\skype.ini
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Tecu
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Tarok
[2013/02/14 13:27:00 | 000,000,000 | ---D | C] -- G:\Users\Maria\AppData\Roaming\Leesmi
:Files
G:\Users\Maria\AppData\Roaming\Leesmi
:Commands
[EMPTYFLASH]
[emptytemp]
        > in the current context!
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 02222013_083459

Uploading to the upload channel worked, but it is only one file and an empty folder.

Many thanks for your help

basti2551

markusg 22.02.2013 12:08

Hi,
you may have made a mistake when entering it. Please try again without the
<

basti2551 22.02.2013 16:38

I don't see a < anywhere.
But the virus doesn't appear anymore now, so it should be gone, shouldn't it?

markusg 22.02.2013 17:10

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run if a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software and malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
"Illegal operation attempted on a registry key that has been marked for deletion."
simply restart the computer. This should fix the problem.


basti2551 23.02.2013 15:12

Here is the logfile

Code:

ComboFix 13-02-23.01 - Maria 23.02.2013  14:55:39.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.43.1031.18.3071.2036 [GMT 1:00]
Running from:: c:\users\Maria\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Maria\AppData\Roaming\Emda
c:\users\Maria\AppData\Roaming\Emda\zaeqe.exe
c:\users\Maria\AppData\Roaming\ie_util.exe
c:\users\Maria\AppData\Roaming\Leesmi
c:\users\Maria\AppData\Roaming\Leesmi\yqapy.exe
c:\users\Maria\AppData\Roaming\skype.ini
c:\users\Maria\AppData\Roaming\Tarok
c:\users\Maria\AppData\Roaming\Tarok\relu.cui
c:\users\Maria\AppData\Roaming\Tovape
c:\users\Maria\AppData\Roaming\Tovape\infi.soc
c:\users\Maria\Documents\~WRL0005.tmp
c:\users\Maria\setup_dm_FOTO_Paradies_CEWE_FOTOBUCH.exe
c:\windows\system32\pt
c:\windows\system32\pt\AuthFWSnapIn.Resources.dll
c:\windows\system32\pt\AuthFWWizFwk.Resources.dll
c:\windows\system32\pt\Narrator.resources.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-23 bis 2013-02-23  ))))))))))))))))))))))))))))))
.
.
2013-02-23 14:04 . 2013-02-23 14:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-23 14:04 . 2013-02-23 14:04        --------        d-----w-        c:\users\anna\AppData\Local\temp
2013-02-23 14:04 . 2013-02-23 14:05        --------        d-----w-        c:\users\Maria\AppData\Local\temp
2013-02-23 13:43 . 2013-02-23 13:43        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE0A9AA1-D6CE-49E6-9617-CB5E5E0AAA43}\offreg.dll
2013-02-22 13:34 . 2013-02-22 13:34        --------        d-----w-        C:\_OTL
2013-02-22 12:57 . 2013-02-22 12:57        --------        d-----w-        C:\9c349c3a9ccda259d0eab931fd
2013-02-22 11:06 . 2013-02-22 11:06        --------        d-----w-        c:\windows\system32\EventProviders
2013-02-22 08:53 . 2013-02-08 00:45        6954968        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE0A9AA1-D6CE-49E6-9617-CB5E5E0AAA43}\mpengine.dll
2013-02-22 08:22 . 2013-02-22 08:22        --------        d-----w-        c:\users\Maria\AppData\Roaming\Efic
2013-02-22 07:38 . 2013-02-22 07:38        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-17 18:59 . 2013-02-17 18:59        --------        d-----w-        c:\program files\BootDisk2BootStick
2013-02-17 18:42 . 2013-02-17 18:42        --------        d-----w-        C:\SWSetup
2013-02-17 17:54 . 2013-02-17 17:54        --------        d-----w-        c:\program files\ISO to USB
2013-02-17 17:44 . 2013-02-17 17:46        --------        d-----w-        C:\OTLPE
2013-02-17 17:28 . 2013-02-17 17:28        --------        d---a-w-        C:\eeepcfr
2013-02-17 17:28 . 2013-02-17 17:28        --------        d-----w-        c:\program files\7-Zip
2013-02-17 16:23 . 2013-02-17 16:23        --------        d-----w-        c:\users\Maria\AppData\Roaming\Avira
2013-02-17 16:16 . 2013-02-17 16:16        --------        d-----w-        c:\users\anna\AppData\Roaming\Malwarebytes
2013-02-17 15:08 . 2013-02-17 15:08        --------        d-----w-        c:\users\Maria\AppData\Roaming\Malwarebytes
2013-02-17 15:08 . 2013-02-17 15:08        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-17 15:07 . 2013-02-17 15:07        --------        d-----w-        c:\users\Maria\AppData\Local\Programs
2013-02-14 18:30 . 2012-12-26 04:51        760320        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 18:27 . 2013-02-22 10:02        --------        d-----w-        c:\users\Maria\AppData\Roaming\Tecu
2013-02-13 10:58 . 2013-02-13 11:01        --------        d-----r-        c:\users\anna\Dropbox
2013-02-13 10:55 . 2013-02-17 14:52        --------        d-----w-        c:\users\anna\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-06-29 13:41        232336        ------w-        c:\windows\system32\MpSigStub.exe
2012-12-16 14:25 . 2012-12-23 09:01        295424        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-23 09:01        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-07 05:04 . 2013-01-10 06:58        308736        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 04:57 . 2013-01-10 06:58        2576384        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 03:21 . 2013-01-10 06:58        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 03:21 . 2013-01-10 06:58        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 03:21 . 2013-01-10 06:58        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 03:21 . 2013-01-10 06:58        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 03:21 . 2013-01-10 06:58        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 03:21 . 2013-01-10 06:58        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 03:21 . 2013-01-10 06:58        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 03:21 . 2013-01-10 06:58        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 03:21 . 2013-01-10 06:58        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 03:21 . 2013-01-10 06:58        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 03:21 . 2013-01-10 06:58        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 03:21 . 2013-01-10 06:58        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-10 06:58        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 03:21 . 2013-01-10 06:58        15360        ----a-w-        c:\windows\system32\djctq.rs
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-12 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll
.
R2 SystemStoreService;System Store Service;c:\program files\Freemium\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 20:00]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 20:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={D36284D0-04C8-11E2-8745-6C626D5FB596}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKCU-Run-Koyxagp - c:\users\Maria\AppData\Roaming\Leesmi\yqapy.exe
HKCU-Run-IExplorer Util - c:\users\Maria\AppData\Roaming\ie_util.exe
SafeBoot-BsScanner
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free YouTube Download_is1 - c:\program files\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files\Freemium\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-23  15:09:19
ComboFix-quarantined-files.txt  2013-02-23 14:09
.
Vor Suchlauf: 11 Verzeichnis(se), 803.923.636.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 805.458.354.176 Bytes frei
.
- - End Of File - - E8C43277D6952387FED6773D6E16509E
Copyright ©2000-2025, Trojaner-Board