Pests of all kinds and their removal: GVU virus caught (Windows 7)
#1
GVU virus caught

Hello dear Trojaner-Board team,

I caught a GVU trojan while surfing. According to my search on the net, the best solution would have been to set the computer up from scratch, which I would have done, but I am in the middle of my diploma thesis and want to keep my old crate (the PC) going until submission. So I ran the Kaspersky WindowsUnlocker and was happy to have access to my computer again. Then, without thinking, I ran Malwarebytes and deleted the findings. Only later did I come across your site, and now I know I should not have deleted anything. I then ran Malwarebytes again and ESET. Again with findings. Oh yes, I also ran Unhide.exe.

ESET log:

Code:
C:\Documents and Settings\xxxxx\Local Settings\Temp\is1373634743\MyBabylonTB.exe	Win32/Toolbar.Babylon Anwendung
H:\Programme\SGPSA\BHO.dll	Variante von Win32/BHO.OCS Trojaner
J:\download\codec8.1.exe	Variante von Win32/Packed.GHFProtector.A Anwendung
J:\download\free-wma-mp3-converter.exe	möglicherweise Variante von Win32/PSW.Agent.BUPXGWL Trojaner

Code:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 06/18/2012 12:39:26 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 88146 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 32745 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 25685 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 10402 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 92449 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 33137 files processed.

Processing the J:\ drive
Finished processing the J:\ drive. 18220 files processed.

Processing the K:\ drive
Finished processing the K:\ drive. 13695 files processed.

Restoring the Start Menu.
 * 211 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   * NoDesktop policy was found and deleted!
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
   * DisableTaskMgr policy was found and deleted!
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
   * HidNoChangingWallPaperden policy was found and deleted!
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
   * HideIcons was set to 1! It was set back to 0!
   * Start_ShowRecentDocs was set to 0! It was set back to 2!
   * Start_ShowNetConn was set to 0! It was set back to 1!
   * Start_ShowNetPlaces was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/18/2012 12:56:23 AM
Execution time: 0 hours(s), 16 minute(s), and 57 seconds(s)

Hoping for help,
profan07

Unfortunately I overlooked points 2 to 4 of the instructions. Here are the missing logs.

---------- OTL logfile

OTL Logfile:

Code:
OTL logfile created on: 20.06.2012 09:20:30 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Documents and Settings\xxxxx\Desktop\TroBord
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,94% Memory free
3,85 Gb Paging File | 3,19 Gb Available in Paging File | 82,78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,37 Gb Free Space | 17,23% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 23,43 Gb Free Space | 59,99% Space Free | Partition Type: NTFS
Drive F: | 39,06 Gb Total Space | 0,26 Gb Free Space | 0,67% Space Free | Partition Type: NTFS
Drive G: | 51,39 Gb Total Space | 19,36 Gb Free Space | 37,67% Space Free | Partition Type: NTFS
Drive H: | 19,99 Gb Total Space | 2,62 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
Drive I: | 85,93 Gb Total Space | 75,30 Gb Free Space | 87,62% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 37,79 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive K: | 48,83 Gb Total Space | 0,28 Gb Free Space | 0,57% Space Free | Partition Type: NTFS

Computer Name: KURVE | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.18 23:54:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxx\Desktop\TroBord\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\xxxxx\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012.05.03 23:43:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.15 15:28:02 | 000,021,416 | ---- | M] () -- E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.03.11 23:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012.02.07 12:26:19 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.01.18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011.10.03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\bin\jqs.exe
PRC - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- E:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.05.11 02:59:23 | 000,349,808 | ---- | M] (Adobe Systems Incorporated) -- E:\Programme\Acrobat\Acrobat.exe
PRC - [2007.04.16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.08.04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.03.15 15:28:10 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\xxxxx\Local Settings\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
MOD - [2012.03.15 15:28:02 | 000,021,416 | ---- | M] () -- E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.02.14 17:59:40 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL
MOD - [2011.02.14 17:59:37 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
MOD - [2011.01.30 17:45:16 | 000,301,056 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- E:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2009.08.28 17:08:26 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008.10.15 01:03:07 | 003,559,424 | ---- | M] () -- e:\Programme\Acrobat\ExLang32.DEU
MOD - [2008.01.11 21:49:23 | 000,098,304 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\EScript.DEU
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- E:\Programme\RarExt.dll
MOD - [2007.05.11 02:55:44 | 000,053,248 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Weblink.DEU
MOD - [2007.05.11 02:55:43 | 000,012,288 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\XPS2PDF.DEU
MOD - [2007.05.11 02:55:16 | 000,176,128 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\TouchUp.DEU
MOD - [2007.05.11 02:55:15 | 000,143,360 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\WebPDF.DEU
MOD - [2007.05.11 02:54:28 | 000,036,864 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Spelling.DEU
MOD - [2007.05.11 02:54:26 | 000,015,360 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\TablePicker.DEU
MOD - [2007.05.11 02:54:20 | 000,026,112 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\SendMail.DEU
MOD - [2007.05.11 02:54:02 | 000,053,248 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Search.DEU
MOD - [2007.05.11 02:53:59 | 000,098,304 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Scan.DEU
MOD - [2007.05.11 02:53:51 | 000,974,848 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\PPKLite.DEU
MOD - [2007.05.11 02:53:39 | 000,019,456 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\SaveAsXML.DEU
MOD - [2007.05.11 02:53:32 | 000,028,672 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\SaveAsRTF.DEU
MOD - [2007.05.11 02:53:22 | 000,013,312 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\ReadOutLoud.DEU
MOD - [2007.05.11 02:53:12 | 000,045,056 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\PaperCapture.DEU
MOD - [2007.05.11 02:52:57 | 000,159,744 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Multimedia.DEU
MOD - [2007.05.11 02:52:54 | 000,086,016 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\MakeAccessible.DEU
MOD - [2007.05.11 02:52:53 | 000,245,760 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\JDFProdDef.DEU
MOD - [2007.05.11 02:52:26 | 000,102,400 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\ImageConversion.DEU
MOD - [2007.05.11 02:52:21 | 000,061,440 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\HTML2PDF.DEU
MOD - [2007.05.11 02:52:05 | 000,229,376 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Editor.DEU
MOD - [2007.05.11 02:52:01 | 000,006,656 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\EWH32.DEU
MOD - [2007.05.11 02:51:41 | 000,221,184 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\DigSig.DEU
MOD - [2007.05.11 02:51:40 | 000,015,872 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\DistillerPI.DEU
MOD - [2007.05.11 02:51:37 | 001,224,704 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Annots.DEU
MOD - [2007.05.11 02:51:23 | 000,192,512 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Checkers.DEU
MOD - [2007.05.11 02:50:50 | 000,053,248 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Catalog.DEU
MOD - [2007.05.11 02:50:29 | 000,811,008 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\AcroForm.DEU
MOD - [2007.05.11 02:50:19 | 000,009,728 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\ADBC.DEU
MOD - [2007.05.11 02:50:04 | 000,077,824 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Accessibility.DEU
MOD - [2007.05.11 01:31:33 | 000,921,600 | ---- | M] () -- E:\Programme\Acrobat\AdistRes.DEU
MOD - [2007.03.22 12:38:44 | 002,748,416 | R--- | M] () -- E:\Programme\Acrobat\libmysqld.dll
MOD - [2006.10.23 01:34:44 | 000,005,120 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\updater.DEU
MOD - [2006.10.23 01:33:38 | 000,012,288 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Search5.DEU
MOD - [2006.10.23 01:33:02 | 000,008,192 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Reflow.deu
MOD - [2006.10.23 01:32:30 | 000,011,264 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\pddom.DEU
MOD - [2006.10.23 01:31:30 | 000,013,312 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Hls.deu
MOD - [2006.10.23 01:30:32 | 000,028,672 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\eBook.DEU
MOD - [2006.08.31 09:28:18 | 000,008,704 | R--- | M] () -- E:\Programme\Acrobat\plug_ins\InDesignPI.DEU

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- E:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- E:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.03 23:43:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011.11.17 18:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011.10.03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- E:\Program Files\Java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- E:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- E:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.11 23:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.03.11 23:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.03.11 23:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.06.10 22:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.05.06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011.03.08 14:40:58 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.03.01 11:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 15:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.19 02:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.08.13 18:27:00 | 004,485,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.24 10:40:22 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [1999.10.21 16:10:52 | 000,095,336 | ---- | M] (EPPSCAN WDM Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPPSCAN.sys -- (EPPSCSIx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-823518204-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1844237615-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Programme\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: E:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: E:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: E:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: E:\Program Files\Java\lib\deploy\jqs\ff [2011.05.26 18:48:40 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011.11.19 16:43:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\xxxxx\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEButton Class) - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-823518204-682003330-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-823518204-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] E:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [u9OL0J5DO04DjkD] C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe File not found
O4 - HKU\S-1-5-21-1844237615-823518204-682003330-1003..\Run: [KiesPDLR] E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1844237615-823518204-682003330-1003..\Run: [Registry Reviver] E:\Programme\Registry Reviver\RegistryReviver.exe File not found
O4 - HKU\S-1-5-21-1844237615-823518204-682003330-1003..\Run: [u9OL0J5DO04DjkD] C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\xxxxx\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-823518204-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\xxxxx\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\xxxxx\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Programme\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save Flash - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Save YouTube Video - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - E:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - E:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1656CD7F-B110-4856-A785-9A8DA61E0CC8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1844237615-823518204-682003330-1003 Winlogon: UserInit - (C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe) - File not found
O20 - HKU\S-1-5-21-1844237615-823518204-682003330-1003 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.14 17:19:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.01.25 22:40:39 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.20 09:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Desktop\TroBord
[2012.06.18 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.18 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato
[2012.06.18 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Stream SDK v2
[2012.06.18 00:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Desktop\New Folder
[2012.06.16 22:40:07 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.06.16 20:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.06.13 23:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GretagMacbeth
[2012.06.13 23:48:59 | 000,026,045 | ---- | C] (GretagMacbeth) -- C:\WINDOWS\System32\drivers\i1.sys
[2012.06.08 00:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSTAT für Excel
[2012.06.08 00:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\Downloaded Installations
[2012.06.07 23:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\Deployment
[2012.06.06 22:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Application Data\Design Science
[2012.06.06 00:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.05.29 22:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.29 22:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.05.29 00:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Start Menu\Programs\Adobe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.20 09:19:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\xxxxx\defogger_reenable
[2012.06.20 09:17:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.20 09:11:47 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-823518204-682003330-1003.job
[2012.06.20 09:11:38 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-823518204-682003330-1003.job
[2012.06.20 09:09:06 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.16 15:26:19 | 000,000,427 | ---- | M] () -- C:\WINDOWS\i1Share.ini
[2012.06.13 00:51:47 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.08 11:23:04 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012.06.07 23:32:24 | 000,472,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.07 23:32:24 | 000,075,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.07 11:40:39 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.06 00:37:06 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.06 00:36:37 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\xxxxx\Desktop\Dropbox.lnk
[2012.06.04 15:48:26 | 000,000,026 | ---- | M] () --
C:\Documents and Settings\xxxxx\Desktop\speicher_frei.vbs [2012.06.03 15:12:22 | 000,002,177 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012.05.26 12:32:55 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.20 09:19:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\xxxxx\defogger_reenable [2012.06.18 00:56:18 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2012.06.18 00:56:18 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk [2012.06.18 00:56:18 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2012.06.18 00:56:18 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk [2012.06.18 00:56:18 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2012.06.18 00:56:18 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012.06.18 00:56:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk [2012.06.18 00:56:18 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2012.06.18 00:56:18 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2012.06.18 
00:56:18 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to explorer.exe.lnk [2012.06.18 00:56:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2012.06.18 00:56:17 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk [2012.06.18 00:56:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2012.06.18 00:56:16 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2012.06.18 00:56:16 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk [2012.06.18 00:56:16 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk [2012.06.18 00:56:16 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2012.06.18 00:56:16 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk [2012.06.18 00:56:15 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk [2012.06.18 00:56:15 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk [2012.06.18 00:56:15 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk [2012.06.18 00:56:15 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk [2012.06.18 00:56:15 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk [2012.06.16 01:42:27 | 000,189,566 | ---- | C] () -- C:\Documents and 
Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-823518204-682003330-1003-0.dat [2012.06.13 23:48:17 | 000,000,427 | ---- | C] () -- C:\WINDOWS\i1Share.ini [2012.06.08 04:41:40 | 000,189,566 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012.06.04 15:42:38 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\xxxxx\Desktop\speicher_frei.vbs [2012.05.26 12:32:55 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf [2012.05.11 16:54:38 | 000,000,499 | ---- | C] () -- C:\WINDOWS\Shortcut (2) to explorer.exe.lnk [2012.04.26 09:21:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.10 21:32:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011.12.10 21:32:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011.12.10 21:32:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011.09.27 21:34:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011.06.22 09:58:16 | 000,064,110 | ---- | C] () -- C:\WINDOWS\System32\UpdateList.dat [2011.05.13 23:08:15 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.05.11 13:54:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Snape50.bin [2011.05.11 13:54:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Snape40.bin [2011.04.27 20:28:43 | 000,000,383 | ---- | C] () -- C:\WINDOWS\psnetwork.ini [2011.04.05 22:09:48 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011.03.10 18:15:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.08 14:41:06 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- 
C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.03.02 20:00:20 | 001,386,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011.02.16 14:46:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2011.02.16 14:46:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.02.16 14:39:54 | 000,000,499 | ---- | C] () -- C:\WINDOWS\Shortcut to explorer.exe.lnk [2011.02.16 01:26:24 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI [2011.02.15 18:59:41 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.15 01:55:39 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.02.14 18:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.02.14 17:58:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.02.14 17:57:22 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.02.14 17:54:05 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2011.02.14 17:53:57 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.02.14 17:53:57 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.02.14 17:53:57 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.02.14 17:22:16 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat [2011.02.14 17:16:43 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== LOP Check ========== [2011.02.22 15:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera [2012.05.07 09:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoUpdate [2011.05.13 23:08:23 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2011.02.24 14:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011.02.24 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter [2012.04.02 08:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM [2012.05.16 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco [2011.05.26 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular [2012.04.26 14:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2011.04.04 16:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2012.06.08 04:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011.02.16 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.09.21 23:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Audacity [2012.05.07 10:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\BL-Soft [2011.05.13 23:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Canneverbe Limited [2012.02.26 20:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Complitly [2012.06.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Design Science [2012.06.20 09:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Dropbox [2012.04.12 12:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\DVDVideoSoft [2012.04.12 12:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application 
Data\DVDVideoSoftIEHelpers [2012.03.19 11:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\elsterformular [2011.02.14 23:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\GetRightToGo [2011.09.21 22:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Iggels [2012.03.07 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\MyPhoneExplorer [2012.04.12 12:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\OpenCandy [2012.03.14 01:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\OpenOffice.org [2011.06.16 12:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Opera [2011.04.27 20:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\PPMate [2011.11.19 16:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\ppStream [2011.02.23 13:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Reviversoft [2011.04.04 16:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Samsung [2011.09.13 11:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Systweak [2012.03.02 17:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Temp [2011.12.10 21:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Video DVD Maker FREE ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DED17083 < End of report > und die beiden Anderen gezippt: |