Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back)

Hi! For quite a while now I have had the problem that Avira AntiVir keeps reporting a virus in the folder C:\Users\NAME\AppData on my laptop. The last two messages were, for example:

A virus or unwanted program 'EXP/CVE-2012-0507.DD' was found in the file C:\User\NAME\AppData\LocalLow\...\95f8fc4-2af0db09.

and:

A virus or unwanted program 'TR/Winwebsec.AJ.14' was found in the file C:\User\NAME\AppData\Local\bardydeab.exe.

I can delete the files, but after a while AntiVir shows a new message with a new virus. I have already looked around and read that this virus occurs fairly often. But I have not found anything on how I could simply delete it now without precise instructions. I have also read that the virus is supposed to be harmless, but over time it just gets annoying, and because my firewall has now somehow been deleted as well, I wanted to get this fixed after all.
I have now run defogger and had OTL create the following OTL.txt file:

OTL logfile created on: 24.03.2013 16:14:04 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aläx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,30% Memory free 7,99 Gb Paging File | 6,63 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 220,98 Gb Free Space | 77,66% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,21 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 435,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 931,51 Gb Total Space | 562,59 Gb Free Space | 60,40% Space Free | Partition Type: NTFS Computer Name: ALÄX-PC | User Name: aläx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- C:\Programme\WTGService.exe PRC - [2013.03.24 15:30:28 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe PRC - [2013.03.24 15:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) 
-- F:\Spiele\hamachi\hamachi-2-ui.exe PRC - [2011.07.04 15:17:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 18:30:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.09.02 22:25:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.08 18:05:12 | 000,160,992 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.07.08 18:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2008.03.13 03:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ========== Modules (No Company Name) ========== MOD - [2008.03.13 03:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - File not found [Auto | Running] -- C:\Programme\WTGService.exe -- (WTGService) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- F:\Spiele\hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.07.04 15:17:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 18:30:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.02 22:25:33 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.07.08 18:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. 
KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.01.11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011.10.19 16:04:54 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2011.07.04 15:17:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.04 15:17:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 03:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm) DRV:64bit: - [2010.04.27 03:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus) DRV:64bit: - [2010.04.27 03:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl) DRV:64bit: - [2009.10.16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009.07.08 13:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 
000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = 
hxxp://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=1c81958b000000000000904ce520160f IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{47522523-F1B8-4B63-9EC9-15807E0E8449}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{5585AEC1-CE42-4BAE-A3BC-9DF54F6B9FD3}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{8973871B-05D6-44D3-BA13-14C8C276662C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{B1A44835-B2AC-49D9-8D8F-7629C6832589}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.kicker.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109980&babsrc=adbartrp&mntrId=1c81958b000000000000904ce520160f&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.19 02:59:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.19 02:59:29 | 000,000,000 | ---D | M] [2010.02.05 21:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Extensions [2010.08.11 16:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions [2010.08.11 16:39:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.05 22:09:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.19 03:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions [2013.03.19 03:08:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.06.17 13:02:13 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.08.11 16:35:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.19 03:08:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} 
[2013.03.19 03:04:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.06.17 13:02:15 | 000,001,218 | ---- | M] () -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\searchplugins\kikin-search.xml [2013.03.19 03:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.29 14:31:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.29 14:31:38 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in 
Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Windows Time] rundll32.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra 
context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.01.23 19:39:44 | 000,000,050 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{2ef9167b-f7dd-11e0-b908-00269ea1636e}\Shell - "" = AutoRun O33 - MountPoints2\{2ef9167b-f7dd-11e0-b908-00269ea1636e}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{9bb123b5-197d-11df-a543-00269ea1636e}\Shell - "" = AutoRun O33 - MountPoints2\{9bb123b5-197d-11df-a543-00269ea1636e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{d08f58dd-d889-11de-852c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d08f58dd-d889-11de-852c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\S3\AUTORUN.EXE -- [2000.02.02 23:51:54 | 000,062,976 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.24 15:23:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe [2013.03.19 20:32:36 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Local\Macromedia [2013.03.19 02:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.15 19:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.04 05:49:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.22 23:19:45 | 000,000,000 | ---D | C] -- 
C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288} [2013.02.22 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E} [2011.10.19 16:04:55 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc42.dll [2011.10.19 16:04:55 | 000,478,888 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager_SMSMMS.exe [2011.10.19 16:04:55 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp60.dll [2011.10.19 16:04:55 | 000,396,968 | ---- | C] (TODO: <Company name>) -- C:\Program Files\WTGToasterWin.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (XSManager GmbH) -- C:\Program Files\4GSystems_SMSMMSIta.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSSpa.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSFre.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSEng.dll [2011.10.19 16:04:55 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll [2011.10.19 16:04:55 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\Program Files\VistaLib32.dll [2011.10.19 16:04:54 | 001,470,120 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager.exe [2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantSpa.dll [2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantFre.dll [2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantEng.dll [2011.10.19 16:04:54 | 000,835,240 | ---- | C] (XSManager) -- C:\Program Files\4GSystems_OneClickAssistantIta.dll [2011.07.31 21:24:01 | 000,334,640 | ---- | C] 
(PokerStars) -- C:\Program Files (x86)\Tracer.exe [2011.07.31 21:23:53 | 008,963,608 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStars.exe [2011.07.31 21:23:53 | 000,816,472 | ---- | C] (PokerStars.com) -- C:\Program Files (x86)\PokerStarsCommunicate.exe [2011.07.31 21:23:53 | 000,656,728 | ---- | C] ( PokerStars) -- C:\Program Files (x86)\PokerStarsOnlineUpdate.exe [2011.07.31 21:23:53 | 000,581,208 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStarsUpdate.exe [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\aläx\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\aläx\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\bass.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.24 16:12:11 | 000,004,454 | ---- | M] () -- C:\Users\aläx\Desktop\viruszeugs.rtf [2013.03.24 15:38:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 15:38:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 15:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.24 15:29:51 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2013.03.24 15:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe [2013.03.24 15:23:32 | 000,000,000 | ---- | M] () -- C:\Users\aläx\defogger_reenable [2013.03.24 15:22:59 | 000,050,477 | ---- | M] () -- C:\Users\aläx\Desktop\Defogger.exe [2013.03.21 22:35:46 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForaläx.job [2013.03.19 02:59:33 | 000,001,147 | ---- | M] 
() -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.15 19:49:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.14 15:44:47 | 000,001,498 | ---- | M] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk [2013.03.04 05:49:33 | 453,885,265 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.01 00:36:29 | 000,000,000 | ---- | M] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-03-01 00_36_29.123775.dmp [2013.02.25 21:00:39 | 000,000,000 | ---- | M] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-02-25 21_00_39.025264.dmp [2013.02.22 21:49:30 | 000,000,680 | ---- | M] () -- C:\Users\aläx\Desktop\TeamSpeak 3 Client.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.24 15:43:48 | 000,004,454 | ---- | C] () -- C:\Users\aläx\Desktop\viruszeugs.rtf [2013.03.24 15:23:32 | 000,000,000 | ---- | C] () -- C:\Users\aläx\defogger_reenable [2013.03.24 15:22:58 | 000,050,477 | ---- | C] () -- C:\Users\aläx\Desktop\Defogger.exe [2013.03.21 17:03:50 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForaläx.job [2013.03.19 02:59:33 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.15 19:49:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.15 19:49:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.14 15:44:47 | 000,001,498 | ---- | C] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk [2013.03.04 05:49:33 | 453,885,265 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.03.01 00:36:29 | 000,000,000 | ---- | C] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-03-01 00_36_29.123775.dmp [2013.02.25 21:00:39 | 000,000,000 | ---- | C] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-02-25 21_00_39.025264.dmp [2013.02.22 21:49:30 | 000,000,680 | ---- | C] () -- 
C:\Users\aläx\Desktop\TeamSpeak 3 Client.lnk [2013.02.06 13:53:15 | 000,021,584 | ---- | C] () -- C:\Program Files (x86)\_update2xblack.dat [2013.02.06 13:51:35 | 000,008,933 | ---- | C] () -- C:\Program Files (x86)\_update2nova.dat [2013.02.06 13:51:35 | 000,000,626 | ---- | C] () -- C:\Program Files (x86)\_update2nova.red.dat [2012.12.27 19:18:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.12.27 19:18:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.12.27 19:18:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.12.27 18:24:42 | 000,000,204 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.11.17 18:28:53 | 000,017,408 | ---- | C] () -- C:\Users\aläx\AppData\Local\WebpageIcons.db [2012.10.16 22:37:15 | 000,003,420 | ---- | C] () -- C:\Users\aläx\AppData\Local\recently-used.xbel [2012.07.31 19:58:52 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.15 21:51:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.07.02 18:54:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.06.23 19:08:35 | 000,061,440 | ---- | C] () -- C:\ProgramData\lwvbmfpg.exe [2012.06.23 19:07:50 | 000,000,052 | ---- | C] () -- C:\ProgramData\kecdlwzfsrwccet [2012.06.23 02:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe [2011.10.19 16:04:55 | 004,129,044 | ---- | C] () -- C:\Program Files\webtogodb.wdb [2011.10.19 16:04:55 | 001,023,656 | ---- | C] () -- C:\Program Files\Setup.exe [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderSpa.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderIta.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderGer.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderFre.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program 
Files\4GSystems_UpgraderEng.dll [2011.10.19 16:04:55 | 000,476,511 | ---- | C] () -- C:\Program Files\Help_eng.chm [2011.10.19 16:04:55 | 000,427,495 | ---- | C] () -- C:\Program Files\Help_ger.chm [2011.10.19 16:04:55 | 000,413,648 | ---- | C] () -- C:\Program Files\OSU.exe [2011.10.19 16:04:55 | 000,386,713 | ---- | C] () -- C:\Program Files\Help_ita.chm [2011.10.19 16:04:55 | 000,366,391 | ---- | C] () -- C:\Program Files\Help_fre.chm [2011.10.19 16:04:55 | 000,360,127 | ---- | C] () -- C:\Program Files\Help_spa.chm [2011.10.19 16:04:55 | 000,331,432 | ---- | C] () -- C:\Program Files\4GSystems_SMSMMSGer.dll [2011.10.19 16:04:55 | 000,329,168 | ---- | C] () -- C:\Program Files\WTGService.exe [2011.10.19 16:04:55 | 000,243,152 | ---- | C] () -- C:\Program Files\WTGVistaUtil.exe [2011.10.19 16:04:55 | 000,118,436 | ---- | C] () -- C:\Program Files\WTGPhoneCaps.dat [2011.10.19 16:04:55 | 000,094,278 | ---- | C] () -- C:\Program Files\WtgZip.dll [2011.10.19 16:04:55 | 000,065,192 | ---- | C] () -- C:\Program Files\WTGMMSPCClient.dll [2011.10.19 16:04:55 | 000,030,160 | ---- | C] () -- C:\Program Files\InstallWTGService.exe [2011.10.19 16:04:55 | 000,024,584 | ---- | C] () -- C:\Program Files\WTGMMSProfiles.dat [2011.10.19 16:04:55 | 000,024,576 | ---- | C] () -- C:\Program Files\WTGDebugs.dll [2011.10.19 16:04:55 | 000,000,992 | ---- | C] () -- C:\Program Files\providers.xml [2011.10.19 16:04:55 | 000,000,567 | ---- | C] () -- C:\Program Files\KD.xml [2011.10.19 16:04:55 | 000,000,518 | ---- | C] () -- C:\Program Files\mmsc.xml [2011.10.19 16:04:55 | 000,000,193 | ---- | C] () -- C:\Program Files\config.ini [2011.10.19 16:04:54 | 000,962,216 | ---- | C] () -- C:\Program Files\Uninstaller.exe [2011.10.19 16:04:54 | 000,835,240 | ---- | C] () -- C:\Program Files\4GSystems_OneClickAssistantGer.dll [2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerSpa.dll [2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program 
Files\UninstallerGer.dll [2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerFre.dll [2011.10.19 16:04:54 | 000,745,128 | ---- | C] () -- C:\Program Files\UninstallerIta.dll [2011.10.19 16:04:54 | 000,376,832 | ---- | C] () -- C:\Program Files\WtgCore.dll [2011.10.19 16:04:54 | 000,204,800 | ---- | C] () -- C:\Program Files\WtgUtil.dll [2011.10.19 16:04:54 | 000,183,976 | ---- | C] () -- C:\Program Files\WTGSMSPCClient.dll [2011.10.19 16:04:54 | 000,143,360 | ---- | C] () -- C:\Program Files\WtgDetection.dll [2011.10.19 16:04:54 | 000,139,264 | ---- | C] () -- C:\Program Files\WtgBluetooth.dll [2011.10.19 16:04:54 | 000,110,592 | ---- | C] () -- C:\Program Files\WtgDatabase.dll [2011.10.19 16:04:54 | 000,065,536 | ---- | C] () -- C:\Program Files\WtgDialup.dll [2011.10.19 16:04:54 | 000,045,056 | ---- | C] () -- C:\Program Files\WtgDriverInstall.dll [2011.10.19 16:04:54 | 000,024,576 | ---- | C] () -- C:\Program Files\WtgDriverInstallX.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientSpa.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientIta.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientGer.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientFre.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientEng.dll [2011.10.19 15:31:32 | 000,258,048 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll [2011.10.19 15:31:32 | 000,253,952 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll [2011.10.19 15:31:32 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll [2011.10.19 15:31:32 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys [2011.07.31 21:24:46 | 000,087,582 | ---- | C] () -- C:\Program Files (x86)\_update2g.dat [2011.07.31 21:24:46 | 000,038,476 | ---- | C] () -- C:\Program Files 
(x86)\_update2gcd.dat [2011.07.31 21:24:46 | 000,005,019 | ---- | C] () -- C:\Program Files (x86)\_update2oldblack.dat [2011.07.31 21:24:46 | 000,003,452 | ---- | C] () -- C:\Program Files (x86)\_update2marine.dat [2011.07.31 21:24:46 | 000,003,356 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.dat [2011.07.31 21:24:46 | 000,003,265 | ---- | C] () -- C:\Program Files (x86)\_update2azure.dat [2011.07.31 21:24:46 | 000,001,655 | ---- | C] () -- C:\Program Files (x86)\_update2shiny.dat [2011.07.31 21:24:46 | 000,001,579 | ---- | C] () -- C:\Program Files (x86)\_update2black.dat [2011.07.31 21:24:46 | 000,001,122 | ---- | C] () -- C:\Program Files (x86)\_update2simple.dat [2011.07.31 21:24:46 | 000,000,947 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.green.dat [2011.07.31 21:24:46 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\_update2s.dat [2011.07.31 21:24:46 | 000,000,163 | ---- | C] () -- C:\Program Files (x86)\_update2rare.dat [2011.07.31 21:24:46 | 000,000,075 | ---- | C] () -- C:\Program Files (x86)\_update2default.dat [2011.07.31 21:24:01 | 000,000,905 | ---- | C] () -- C:\Program Files (x86)\Uninstall PokerStars.lnk [2011.07.31 21:24:01 | 000,000,475 | ---- | C] () -- C:\Program Files (x86)\update.ini [2011.07.31 21:24:01 | 000,000,219 | ---- | C] () -- C:\Program Files (x86)\trace.ini [2011.07.31 21:24:01 | 000,000,199 | ---- | C] () -- C:\Program Files (x86)\tinfo.dat [2011.07.31 21:24:01 | 000,000,195 | ---- | C] () -- C:\Program Files (x86)\user.ini [2011.07.31 21:23:53 | 000,585,728 | ---- | C] () -- C:\Program Files (x86)\PokerStarsUninstall.exe [2011.07.31 21:23:53 | 000,046,360 | ---- | C] () -- C:\Program Files (x86)\Stub.exe [2011.07.31 21:23:53 | 000,001,442 | ---- | C] () -- C:\Program Files (x86)\PokerStars.ini [2011.07.31 21:23:47 | 000,000,707 | ---- | C] () -- C:\Program Files (x86)\fw.ini [2011.07.21 17:22:14 | 000,000,600 | ---- | C] () -- C:\Users\aläx\AppData\Roaming\winscp.rnd [2011.05.11 21:50:20 | 
000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.03.08 21:49:18 | 000,001,466 | ---- | C] () -- C:\Users\aläx\AppData\Local\RecConfig.xml [2010.02.17 22:05:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\aläx\AppData\Local\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\aläx\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L [2012.10.28 14:48:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U [2012.10.24 17:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\00000001.@ [2012.10.28 14:48:07 | 000,014,848 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\80000000.@ [2012.09.28 16:58:00 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\800000cb.@ [2012.06.02 12:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U [2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- 
C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$I3EQZVK.@ [2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$I7Y6XCJ.@ [2012.06.02 01:41:06 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$IU0NDEA.@ [2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$IWY4OFA.@ [2012.06.06 20:29:50 | 000,000,116 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$RWCOLQB.com\assets\oobe\l.png [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = \\.\globalroot\systemroot\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\n. "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.06 19:55:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\1&1 Mail & Media GmbH [2013.01.08 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\APP_NAME_NON_STRING [2010.09.19 17:00:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Ashampoo [2012.02.29 14:31:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Babylon [2012.10.28 22:50:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\calibre [2011.09.17 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Canneverbe Limited [2011.04.04 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DAEMON Tools Lite [2012.11.04 10:25:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Dropbox [2012.09.25 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoft [2012.09.25 15:49:57 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.31 13:09:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Foxit Software [2010.06.27 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\fretsonfire [2012.06.22 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ICQ [2011.06.17 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\kikin [2010.08.31 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Leadertech 
[2011.05.04 19:56:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Line 6 [2012.01.08 04:09:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Media Finder [2012.09.27 18:03:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\MediaMonkey [2011.11.27 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\mp3DirectCut [2013.03.12 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Mp3tag [2012.07.08 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Oghue [2010.02.21 21:26:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\OpenOffice.org [2012.11.29 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Origin [2012.04.22 14:30:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PacificPoker [2013.01.08 17:14:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PDF Architect [2013.01.08 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\pdfforge [2011.10.19 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Program Files [2010.11.24 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Samsung [2011.04.12 14:51:10 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Scribus [2013.01.10 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Softland [2013.02.22 21:36:34 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\TS3Client [2012.01.02 02:25:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ts3overlay [2012.11.13 15:57:39 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Windows Live Writer [2010.02.03 17:56:41 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\_MDLogs [2013.02.22 23:19:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288} [2013.02.22 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E} ========== Purity Check ========== < 
End of report >

The help thread also mentioned something about an Extra.txt file. Somehow I didn't get one, though. :/

Here is the gmer.txt file as well:

GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-24 17:58:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC70E 298,09GB Running: gmer_2.1.19155.exe; Driver: C:\Users\ALX~1\AppData\Local\Temp\kxldrpog.sys ---- User code sections - GMER 2.1 ---- .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] 
C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77] .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77] .text ... 
* 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071e41a22 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071e41ad0 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071e41b08 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071e41bba 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071e41bda 2 bytes [E4, 71] .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text C:\Program Files 
So, I hope that was all the necessary information. I would be very glad if someone can help! Regards, Alex |
Hello, I am working on your thread and will get back to you with further instructions as soon as possible. Please note that all of my replies first have to be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience :) |
All right, glad to hear it, thanks a lot in advance for your effort! :) |
Hello, I am Christoph and would like to help you with your problem. A cleanup can involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that your PC is clean. Vista and Win7 users: start all tools with right-click "Run as administrator". Step 1 Scan with Combofix
|
Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is clean! |
Thanks for the offer! Yes, I still need help, but I am not at home at the moment and cannot do anything on the laptop, sorry! I will not be back until Sunday and would then run the Combofix scan right away! I hope that is okay with you. |
Hi, OK, please get back to me when you have the log. |
Hi, so here is the Combofix log: Code: ComboFix 13-03-31.01 - aläx 31.03.2013 21:44:00.1.2 - x64 |
You've really picked up something nice there ;) Step 1 Please download
Step 2 Please shut down your security software to avoid possible conflicts.
Step 3 Please download
Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Step 4 Please download
In your next reply, please post
|
Sounds just great :rolleyes: AdwCleaner: Code: # AdwCleaner v2.115 - Datei am 31/03/2013 um 22:42:43 erstellt JRT: Code: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ aswMBR: (I accidentally saved too early the first time) Code: aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software TDSSKiller: Code: 23:30:26.0244 3836 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 |
That already looks a bit better. Step 1
Code: activex
|
Please use this script instead, I had forgotten something: Step 1
Code: activex
|
As at the beginning, it did not produce an Extras.txt for me. Here is the OTL.txt: (it is too large, so I am posting it in two parts. If I should just send it as an attachment instead, please let me know) Code: OTL logfile created on: 01.04.2013 21:29:40 - Run 3 |
So, here is the second part: Code: ========== Purity Check ========== |
That looks better already. We will now remove a few leftovers, and then I want to check something else: Step 1 Fix with OTL
Code: :OTL
Step 2 Please download
Do not start any other file in this folder without instruction from a helper. Step 3 Please start OTL.exe. Under Extra Registry, select Use Safe List and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread. In your next reply, please post
|
OTL fix log: Code: ========== OTL ========== MBAR log: Code: Malwarebytes Anti-Rootkit BETA 1.01.0.1022 OTL.txt: Code: OTL logfile created on: 02.04.2013 00:41:46 - Run 4 |
Here is the Extras.txt as well: Code: OTL Extras logfile created on: 02.04.2013 00:41:46 - Run 4 |
Hi, the logs are clean. Windows, however, is not entirely happy with drive F:. Quote:
Otherwise, we should check everything once more: Step 1 Please download
Step 2 ESET Online Scanner
Step 3 Please download
In your next reply, please post
|
Now nothing works at all anymore. :/ The laptop apparently boots, but the screen stays black. |
What do you mean, nothing works at all anymore? What did you do? After which step did this happen? Did you install or run anything that was not in the instructions? Does the Windows logo appear? Do you get as far as the login screen? Or to the desktop? Please describe it more precisely. |
No, no Windows logo, no login screen, nothing at all. The screen simply stays black, but it sounds as if the laptop is booting (the login sound does not come, though). Nope, just watched a bit of a film and surfed the internet. After the last OTL scan; in the meantime I switched it off and on, though, and it still worked then. |
Where did you watch the film and what kind of sites were you on? Try connecting an external monitor, maybe the display is defective. |
VLC player. Just standard stuff like YouTube, eBay, ... No, it is not the monitor, already tried that. It can't really be that anyway, the WLAN is controlled via a touch control by the keyboard and that did not work either |
Does anything happen if you press F8 (or whichever key is responsible for the boot options on your model) several times right at startup? Please remove all connected devices. Disconnect the laptop from the power supply. Now hold the power button down for at least 15 seconds. Report back. Please press F10 several times while booting. Does that get you into a selection mode? |
When I hold the power switch that long, it turns on and then immediately off again. I have tried everything, nothing happens |
Please also answer my other questions. Does anything happen if you unplug all external devices (including the mouse etc.) and then start it normally? |
I did write that I tried everything. Nothing happens. |
Please try what HP describes here: Verwenden des Hardware-Resets zum Beheben von Hardware- und Softwareproblemen | HP®-Support Otherwise I have asked my colleagues here internally for advice, maybe they know something... I ask for a little more patience. |
Okay |
Hi, to be honest I suspect a hardware defect. Unfortunately I cannot fix that from here and would therefore ask you to go to a professional PC (and laptop) repair shop you trust and have the laptop checked over. They can then also remove the hard drive for you so that you can back up your data. I am sorry that I cannot really help you any further. Regards |
Copyright ©2000-2025, Trojaner-Board