| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der WarnungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.07.2012, 13:36
| #1 |
 |  GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung Hallo Leute, Gestern brachte mir ein Kumpel seinen Laptop vorbei, er hat sich den GVU Trojaner eingefangen. Wie genau der Trojaner auf den Rechner kam war ihm schleierhaft, aber ich denke das abgelaufene Antivirenprogramm hat dazu beigetragen... Ich habe ihm geraten den PC komplett zu formatieren und alles neu zu installieren, aber von der Idee war er nicht sehr begeistert. Ich habe mich also an den "Für alle Hilfesuchenden" Thread gehalten und die Programme durchlaufen lassen. Von anderen Tools habe ich erstmal die Finger gelassen (habe bei anderen Fällen z.B. die C't Desinfec't CD genutzt oder diverse Reinigungs-CD's der AV-Hersteller, aber das war meist ineffektiv) und auch die Anleitung des BSI habe ich nicht verwendet, da die Warnmeldung etwas anders aussieht als bei der Version 2.04 des GVU Trojaners. Zum "Erscheinungsbild" des Trojaners: Die Warnmeldung erscheint nur, wenn eine Internetverbindung besteht, habe also die WLAN Verbindung deaktiviert. Wenn die Warnmeldung erscheint kann man zwar per STRG+Alt+Entf das Menü aufrufen, aber den Taskmanager kann man nicht mehr starten (er öffnet zwar, verschwindet dann aber sofort). Desweiteren befindet sich oben rechts in der Ecke der Warnmeldung ein "Livestream" der Webcam, die im Laptop eingebaut ist. Defogger wurde ohne Fehlermeldungen ausgeführt. Die Antivirensoftware (Trend Micro) wurde schon vom Besitzer entfernt, da sie nicht mehr aktuell war (der Plan sah vor diese zu entfernen und durch eine andere zu ersetzen, aber ich habe daran lieber nichts mehr verändert). Gmer habe ich nicht durchlaufen lassen, da es ein 64bit OS ist. Hier die Logfiles: Extras.txt Code:
ATTFilter OTL Extras logfile created on: 7/2/2012 1:31:08 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jonas\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.97 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 62.49% Memory free
7.93 Gb Paging File | 6.38 Gb Available in Paging File | 80.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 21.30 Gb Free Space | 18.29% Space Free | Partition Type: NTFS
Drive D: | 332.72 Gb Total Space | 332.43 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 237.97 Mb Total Space | 203.71 Mb Free Space | 85.60% Space Free | Partition Type: FAT32
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B6FA762-3CB1-4177-8E23-8FF037FC57A1}" = lport=137 | protocol=17 | dir=in | app=system |
"{0BEAB224-666B-46FF-99EF-37A7BA62D13F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{10131A76-FFB2-400B-AB25-50F115D16019}" = rport=139 | protocol=6 | dir=out | app=system |
"{190D497E-883E-4427-8170-F3CBF6E6881B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2911C209-BFE0-4F8F-A91D-8BF15278089D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33761E2B-AC91-4739-880B-FB2CBD9D0D64}" = rport=138 | protocol=17 | dir=out | app=system |
"{3BBC8DFF-6B01-43FB-A875-10CB582133A8}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D8A20FE-CFB3-4B78-A691-76886B2F5DCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5354C26A-88BF-4FF5-824E-9B960E149F8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56F94724-9713-495F-9227-E02ED5572D68}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FED358B-749B-45DC-8290-8F835BC5C93E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78E49E23-2A52-4775-9C0A-B7ACFA030E48}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7B6B45FF-5F7A-4AFF-A294-ED2AB3BE1F31}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{803F9D04-B2DE-473C-B07F-94A1ADC25DF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8833BE8A-4989-4D33-B2F2-4A74FAF71B9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{8A85F1F4-8A5A-4E97-AF30-51FFD708FD08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A85E531C-7981-44ED-AA20-9969B2C1FD9F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AE8F33F0-17FF-4276-8E9E-8C25EFAD252B}" = lport=445 | protocol=6 | dir=in | app=system |
"{B47D747A-426F-4D02-9281-3CA3458E729A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0DAB8D4-C2D2-4B66-9300-C6B4F080B123}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C4B5C9E4-9D40-46B1-934F-09E25EFD9B5C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD959B54-BA14-44F7-BEE8-6ED837FB74BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7F4569C-3327-4E27-BA30-73F1525DE074}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F37F5B4F-BF08-41AA-A4C4-89BBC98B0A46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CC37B70-99B3-42BE-B4E6-B18E44762916}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{271FBD07-E284-48A5-82FE-25383A608121}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30C479CC-D077-4539-BE7F-2B40291FF195}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{359BD1BD-A8B6-41AE-A5C2-60A561E7E1C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DD37BF5-A414-4BB6-A445-808391522105}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F3E9133-0176-4B3B-A949-54D0A8747785}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CB5B4C8-46BF-46FC-B1F3-F931BD88B403}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{521C41FE-EE9F-4BBF-B48F-CC6CF37D17D0}" = protocol=6 | dir=out | app=system |
"{5C9B19FD-E628-4E61-BE35-3CB594B14550}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5FABDEBF-6BFD-4348-AAB9-2B938BAEABF7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{670D029F-9D42-447E-9639-5F647828555B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{698A0700-B825-4EC4-BA2A-FB3613FC2AB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{724FB737-12FC-413A-9AE6-437E7150AF3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79049096-24F0-492F-B492-7B4903E21564}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7A1C54AF-290E-4E07-AF18-B04BD75C5F0F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{943F951E-2D7E-4F58-841C-3F19DED18941}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7880C71-DAB7-4472-9765-3EC6F66D31A7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{AEAFB576-BC1C-4BB0-919C-5B4FAA9CF6FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9271A92-184F-4D1A-BBC4-D8012DA71668}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D004E78F-F107-4527-A94A-CFD415762F40}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DC9EB7AA-AA2C-4B13-A30A-13052AA4DE0E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DEAFE730-2F55-46AB-846E-36123DA3C190}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E50C732E-8A0B-477C-86B6-6E3EFBE1CC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8C41CF9-ECC0-4D87-B431-8DA4DEE5A838}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF559DB6-DBB0-4A9F-B763-6A4C97044024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{7F177383-A511-43A1-9BB8-570E4ECF7FB8}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{AF65EA5D-918C-4596-B5FA-0B860DA15FAD}C:\users\jonas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\spotify\spotify.exe |
"UDP Query User{193952AD-ECC5-431E-8504-C939AABE5DC9}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"UDP Query User{89A92AF4-D2F6-4E1D-B50B-06204A4E0F01}C:\users\jonas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"ASUS WebStorage" = ASUS WebStorage
"B24074592222CFC1B8ABF520F9089E49FB1763D7" = Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0)
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"USB 2.0 UVC 0.3M WebCam" = USB 2.0 UVC 0.3M WebCam
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROHYBRIDR_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-040D-0000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"Asus_ULSeries_ScreenSaver" = Asus_ULSeries_ScreenSaver
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROHYBRIDR" = 2007 Microsoft Office system
"tunebite_is1" = tunebite 2.2.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/7/2012 1:17:36 PM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 2/9/2012 7:04:38 AM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 2/16/2012 6:54:23 AM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 2/17/2012 3:48:50 PM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 2/23/2012 7:21:24 AM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 2/26/2012 12:27:08 PM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 3/2/2012 3:11:35 AM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 3/6/2012 1:28:29 PM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 3/8/2012 12:38:42 PM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
Error - 3/8/2012 12:38:43 PM | Computer Name = Jonas-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 11/4/2011 11:42:09 AM | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 11/4/2011 12:30:09 PM | Computer Name = Jonas-PC | Source = BROWSER | ID = 8032
Description =
Error - 11/5/2011 7:42:28 AM | Computer Name = Jonas-PC | Source = DCOM | ID = 10010
Description =
Error - 11/5/2011 7:42:32 AM | Computer Name = Jonas-PC | Source = DCOM | ID = 10010
Description =
Error - 12/6/2011 9:06:28 AM | Computer Name = Jonas-PC | Source = NetBT | ID = 4321
Description = Der Name "JONAS-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.22 registriert werden. Der Computer mit IP-Adresse 192.168.178.36
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 12/26/2011 7:29:40 AM | Computer Name = Jonas-PC | Source = DCOM | ID = 10010
Description =
Error - 3/8/2012 12:58:48 PM | Computer Name = Jonas-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2645640)
Error - 3/8/2012 4:12:08 PM | Computer Name = Jonas-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
x64-basierte Systeme
Error - 6/7/2012 2:02:04 AM | Computer Name = Jonas-PC | Source = DCOM | ID = 10010
Description =
Error - 6/10/2012 10:54:28 AM | Computer Name = Jonas-PC | Source = bowser | ID = 8003
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 7/2/2012 1:31:08 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jonas\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.97 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 62.49% Memory free 7.93 Gb Paging File | 6.38 Gb Available in Paging File | 80.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 21.30 Gb Free Space | 18.29% Space Free | Partition Type: NTFS Drive D: | 332.72 Gb Total Space | 332.43 Gb Free Space | 99.91% Space Free | Partition Type: NTFS Drive E: | 237.97 Mb Total Space | 203.71 Mb Free Space | 85.60% Space Free | Partition Type: FAT32 Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/02 13:23:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe PRC - [2012/05/25 20:19:08 | 000,932,528 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2011/10/21 16:23:42 | 000,391,760 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe PRC - [2011/10/21 16:23:42 | 000,259,664 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/06/02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010/05/20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/05/20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010/05/13 15:04:38 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010/05/13 14:33:49 | 000,277,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/10/09 19:27:44 | 006,937,216 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/09/25 18:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/09/24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/09/16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009/08/20 05:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2009/07/06 23:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/30 04:45:38 | 000,215,200 | ---- | M] () -- C:\Users\Jonas\AppData\Local\Temp\0_0u_l.exe MOD - [2012/05/25 20:19:08 | 000,932,528 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/09/24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe MOD - [2009/09/16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/10/03 03:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/09/17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2012/06/17 11:47:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/06/02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/05/13 15:04:29 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2009/10/15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/10/02 02:47:37 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/09/04 07:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009/08/28 13:15:31 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/08/28 13:15:25 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/17 10:52:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/10 00:45:11 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/04/07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008/12/09 02:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV:64bit: - [2006/01/24 20:23:04 | 000,026,112 | ---- | M] (RapidSolution Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 11:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/22 16:45:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 11:47:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/22 16:45:59 | 000,000,000 | ---D | M] [2010/10/09 19:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions [2012/07/01 20:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\ay8h666p.default\extensions [2012/07/01 20:31:33 | 000,000,950 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin-1.xml [2012/04/19 19:16:40 | 000,000,950 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin-2.xml [2012/04/22 16:52:03 | 000,000,950 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin-3.xml [2012/05/25 19:58:57 | 000,000,950 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin-4.xml [2012/06/10 14:08:53 | 000,000,950 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin-5.xml [2012/06/17 11:47:46 | 000,000,950 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin-6.xml [2012/03/19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin.gif [2012/03/19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin.src [2012/04/12 16:43:40 | 000,001,056 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\searchplugins\icqplugin.xml [2012/04/22 16:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/04/14 19:44:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012/06/17 11:47:36 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/10/28 17:50:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/04/22 16:45:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/04/22 16:45:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/22 16:45:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/04/22 16:45:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/04/22 16:45:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/22 16:45:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Spotify] C:\Users\Jonas\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Jonas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25D2F35-7A45-450C-84C8-735231E8E30A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/02 13:29:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012/06/14 12:24:22 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Vertriebspolitik-Dateien ========== Files - Modified Within 30 Days ========== [2012/07/02 13:32:35 | 000,010,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/02 13:32:35 | 000,010,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/02 13:30:51 | 007,149,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/02 13:30:51 | 000,694,664 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012/07/02 13:30:51 | 000,693,688 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012/07/02 13:30:51 | 000,691,426 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012/07/02 13:30:51 | 000,689,342 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012/07/02 13:30:51 | 000,679,576 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012/07/02 13:30:51 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/02 13:30:51 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/02 13:30:51 | 000,552,004 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2012/07/02 13:30:51 | 000,385,554 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2012/07/02 13:30:51 | 000,353,756 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2012/07/02 13:30:51 | 000,137,296 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012/07/02 13:30:51 | 000,133,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012/07/02 13:30:51 | 000,133,174 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012/07/02 13:30:51 | 000,130,374 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012/07/02 13:30:51 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/02 13:30:51 | 000,127,378 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012/07/02 13:30:51 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2012/07/02 13:30:51 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/02 13:30:51 | 000,089,670 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2012/07/02 13:30:51 | 000,069,328 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2012/07/02 13:30:04 | 000,000,000 | ---- | M] () -- C:\Users\Jonas\defogger_reenable [2012/07/02 13:25:28 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/02 13:25:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/02 13:24:30 | 3193,864,192 | -HS- | M] () -- C:\hiberfil.sys [2012/07/02 13:23:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012/07/02 13:23:44 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe [2012/07/02 00:31:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012/07/02 00:14:14 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/02 00:13:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012/06/30 04:45:39 | 000,001,879 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/06/21 09:33:27 | 000,023,116 | ---- | M] () -- C:\Users\Jonas\Documents\marketing 23.odt [2012/06/17 13:40:51 | 000,028,272 | ---- | M] () -- C:\Users\Jonas\Documents\Marketing.odt [2012/06/17 13:13:12 | 000,028,982 | ---- | M] () -- C:\Users\Jonas\Documents\Mcdonalds.odt [2012/06/14 22:21:47 | 000,471,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/14 12:24:25 | 000,059,105 | ---- | M] () -- C:\Users\Jonas\Desktop\Vertriebspolitik.htm [2012/06/13 14:13:35 | 000,013,356 | ---- | M] () -- C:\Users\Jonas\Desktop\Unbenannt 1.odt [2012/06/11 22:47:34 | 001,120,978 | ---- | M] () -- C:\Users\Jonas\Desktop\IMG_38201.jpg [2012/06/07 08:05:26 | 000,001,856 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/06/05 17:51:09 | 000,001,143 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini ========== Files Created - No Company Name ========== [2012/07/02 13:30:04 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\defogger_reenable [2012/07/02 13:29:35 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe [2012/06/30 04:45:39 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012/06/30 04:45:39 | 000,001,879 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/06/20 20:28:58 | 000,023,116 | ---- | C] () -- C:\Users\Jonas\Documents\marketing 23.odt [2012/06/17 13:13:11 | 000,028,982 | ---- | C] () -- C:\Users\Jonas\Documents\Mcdonalds.odt [2012/06/15 10:13:00 | 000,028,272 | ---- | C] () -- C:\Users\Jonas\Documents\Marketing.odt [2012/06/14 12:24:21 | 000,059,105 | ---- | C] () -- C:\Users\Jonas\Desktop\Vertriebspolitik.htm [2012/06/13 14:13:33 | 000,013,356 | ---- | C] () -- C:\Users\Jonas\Desktop\Unbenannt 1.odt [2012/06/11 22:47:29 | 001,120,978 | ---- | C] () -- C:\Users\Jonas\Desktop\IMG_38201.jpg [2011/04/14 19:45:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/10/13 18:51:34 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/05/13 14:42:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2010/10/10 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Asus WebStorage [2012/01/13 18:50:31 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ICQ [2010/10/13 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\OpenOffice.org [2012/07/02 13:25:43 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Spotify [2010/11/09 20:53:29 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\tunebite [2009/07/14 07:08:49 | 000,027,824 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > maverick757 Geändert von maverick757 (02.07.2012 um 13:40 Uhr) Grund: Mehr Info's hinzugefügt |
|
02.07.2012, 17:16
| #2 |
| /// Malware-holic   | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung hi
__________________hier liegt noch einiges im argen... dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012/06/30 04:45:39 | 000,001,879 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus.
__________________ |
|
02.07.2012, 17:36
| #3 |
| | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung Vielen Dank für die schnelle Hilfe!
__________________Ich hab das Script ausgeführt und nun erscheint beim Systemstart eine Warnmeldung: RunDLL Problem beim Starten von C:\Users\Jonas\AppData\Local\Temp\0_0_u_l.exe Das angegebene Modul konnte nicht gefunden werden. Das wird wohl ein Teil der Schadsoftware sein, oder? Hier der Log: Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Jonas
->Flash cache emptied: 3109592 bytes
User: Public
Total Flash Files Cleaned = 3.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jonas
->Temp folder emptied: 39864254 bytes
->Temporary Internet Files folder emptied: 136472881 bytes
->Java cache emptied: 61242 bytes
->FireFox cache emptied: 393864394 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 303426437 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36015673 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 868.00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_182615
Files\Folders moved on Reboot...
C:\Users\Jonas\AppData\Local\Temp\0_0u_l.exe moved successfully.
C:\Users\Jonas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Jonas\AppData\Local\Temp\0_0u_l.exe not found!
File C:\Users\Jonas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
|
03.07.2012, 19:05
| #4 | |
| /// Malware-holic | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der WarnungCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.07.2012, 22:24
| #5 |
| | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung So, Combofix ist ohne Fehler durchgelaufen, hier der Log: Code:
ATTFilter ComboFix 12-07-02.01 - Jonas 03.07.2012 23:04:59.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4061.2861 [GMT 2:00]
ausgeführt von:: c:\users\Jonas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-03 bis 2012-07-03 ))))))))))))))))))))))))))))))
.
.
2012-07-03 21:16 . 2012-07-03 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 16:26 . 2012-07-02 16:26 -------- d-----w- C:\_OTL
2012-06-29 18:24 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2520A8-CA8E-4ED5-85FE-1DEC18CB5DE0}\mpengine.dll
2012-06-23 16:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 16:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 16:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 16:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 16:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 16:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 16:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 16:38 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 16:38 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 15:59 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 15:59 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 15:59 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 15:59 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 15:59 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 15:59 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 15:59 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 15:59 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 15:59 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 15:59 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-14 15:59 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 15:58 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 15:58 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 15:58 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 15:58 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 15:58 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 15:58 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-10 12:08 . 2012-06-10 12:08 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-10 12:08 . 2012-06-10 12:08 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 16:31 . 2010-12-10 20:04 45056 ----a-w- c:\windows\system32\acovcnt.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Jonas\AppData\Roaming\Spotify\Spotify.exe" [2012-05-25 9478320]
"Spotify Web Helper"="c:\users\Jonas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-25 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-5-13 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-5-13 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 12:34]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 12:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ay8h666p.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-03 23:22:31
ComboFix-quarantined-files.txt 2012-07-03 21:22
.
Vor Suchlauf: 9 Verzeichnis(se), 23.689.891.840 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 23.542.272.000 Bytes frei
.
- - End Of File - - 28FE0AA3ECB92EDD11452A3291B0FA28
 |
|
04.07.2012, 16:29
| #6 |
| /// Malware-holic | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung malwarebytes: Downloade Dir bitte Malwarebytes
__________________ --> GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung |
|
04.07.2012, 21:37
| #7 |
| | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung Malwarebytes ist durchgelaufen, nachdem es aktualisiert wurde, keine Funde?! Der Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.04.06 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Jonas :: JONAS-PC [Administrator] Schutz: Aktiviert 04.07.2012 20:39:48 mbam-log-2012-07-04 (20-39-48).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 514030 Laufzeit: 1 Stunde(n), 42 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
04.07.2012, 22:34
| #8 |
| /// Malware-holic | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. wenn fertig, melden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.07.2012, 13:35
| #9 |
| | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung War ein paar Tage im Urlaub. Habe jetzt alle Updates installiert, wie gehts weiter? |
|
12.07.2012, 17:29
| #10 |
| /// Malware-holic | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.07.2012, 22:35
| #11 |
| | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung Okay, das könnte etwas schwierig werden, da es wie erwähnt der Laptop eines Kumpels ist, aber ich denke ich weiß, was er auf keinen Fall braucht (da ist auch jede Menge Müll drauf, ich bin bei sowas eher Minimalist). Mit den Windows Updates hat sich übrigens auch Securitys Essentials von Microsoft installiert. Der DLL Fehler beim Start ist immer noch nicht behoben. Ist der Virus/die Malware bereits entfernt oder startet sie nur nicht mehr? Editiere diesen Beitrag gleich mit der Liste. Hier die Liste: Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 12.0.6612.1000 benötigt Acrobat.com Adobe Systems Incorporated 13.05.2010 1,60MB 1.6.65 unbekannt Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 13.05.2010 unbekannt Adobe AIR Adobe Systems Inc. 13.05.2010 1.5.0.7220 unbekannt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.32.18 benötigt Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.3.181.34 benötigt Adobe Reader 9.1 MUI Adobe Systems Incorporated 13.05.2010 650MB 9.1.0 benötigt Alcor Micro USB Card Reader Alcor Micro Corp. 13.05.2010 1.5.17.25482 benötigt Alice Greenfingers Oberon Media 13.05.2010 unbekannt ASUS AI Recovery ASUS 13.05.2010 2,89MB 1.0.6 unbekannt ASUS AP Bank ASUSTEK 13.05.2010 1.0.0.0 unbekannt ASUS Data Security Manager ASUS 13.05.2010 15,1MB 1.00.0014 unbekannt ASUS FancyStart ASUSTeK Computer Inc. 13.05.2010 10,5MB 1.0.6 unbekannt ASUS LifeFrame3 ASUS 13.05.2010 27,7MB 3.0.20 unbekannt ASUS Live Update ASUS 13.05.2010 2.5.9 unbekannt ASUS MultiFrame ASUS 13.05.2010 1.0.0019 unbekannt ASUS Power4Gear Hybrid ASUS 13.05.2010 11,8MB 1.1.25 unbekannt ASUS SmartLogon ASUS 13.05.2010 10,8MB 1.0.0007 unbekannt ASUS Splendid Video Enhancement Technology ASUS 13.05.2010 24,4MB 1.02.0028 unbekannt ASUS WebStorage eCareme Technologies, Inc. 2.0.40.1319 unbekannt Asus_ULSeries_ScreenSaver unbekannt ATK Generic Function Service ATK 13.05.2010 1.00.0008 unbekannt ATK Hotkey ASUS 13.05.2010 5,74MB 1.0.0053 unbekannt ATK Media ASUS 13.05.2010 206KB 2.0.0006 unbekannt ATKOSD2 ASUS 13.05.2010 6,60MB 7.0.0007 unbekannt Bing Bar Microsoft Corporation 26.12.2011 26,8MB 7.0.850.0 unnötig CCleaner Piriform 22.06.2012 3.20 benötigt Chicken Invaders 2 Oberon Media 13.05.2010 unnötig ControlDeck ASUS 13.05.2010 1,81MB 1.0.4 unbekannt CyberLink LabelPrint CyberLink Corp. 13.05.2010 2.5.1908 unbekannt CyberLink Power2Go CyberLink Corp. 13.05.2010 6.1.3602c unbekannt CyberLink PowerDVD 9 CyberLink Corp. 13.05.2010 9.0.2311 unbekannt Dream Day Wedding Married in Manhattan Oberon Media 13.05.2010 unnötig ETDWare PS/2-x64 7.0.5.9_WHQL unbekannt Express Gate DeviceVM, Inc. 13.05.2010 382MB 1.2.13.23 unbekannt Fast Boot ASUS 13.05.2010 1,44MB 1.0.4 unbekannt Game Park Console Oberon Media, Inc. 13.05.2010 6.2.0.2 unnötig Google Chrome Google Inc. 13.05.2010 20.0.1132.47 benötigt Google Toolbar for Internet Explorer Google Inc. 13.05.2010 unnötig ICQ Toolbar ICQ 3.0.0 unnötig Intel(R) Graphics Media Accelerator Driver Intel Corporation 8.15.10.2202 benötigt Java(TM) 7 Update 5 Oracle 12.07.2012 99,3MB 7.0.50 benötigt JavaFX 2.1.1 Oracle Corporation 12.07.2012 20,8MB 2.1.1 unbekannt Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 04.07.2012 1.61.0.1400 benötigt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 14.06.2012 4.0.30319 unbekannt Microsoft Office File Validation Add-In Microsoft Corporation 10.07.2012 7,95MB 14.0.5130.5003 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 10.07.2012 508KB 2.0.4024.1 unbekannt Microsoft Office Outlook Connector Microsoft Corporation 05.10.2010 6,11MB 12.0.6414.1000 unbekannt Microsoft Security Essentials Microsoft Corporation 10.07.2012 4.0.1526.0 benötigt Microsoft Silverlight Microsoft Corporation 18.05.2012 186MB 4.1.10329.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.10.2010 1,72MB 3.1.0000 unbekannt Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 05.10.2010 625KB 1.0.1215.0 unbekannt Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 05.10.2010 1,44MB 1.0.1215.0 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.10.2010 252KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.07.2011 300KB 8.0.61001 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 20.10.2010 212KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 09.10.2010 2,52MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 22.07.2011 788KB 9.0.30729.6161 unbekannt Mozilla Firefox 13.0.1 (x86 de) Mozilla 13.0.1 benötigt Mozilla Maintenance Service Mozilla 13.0.1 benötigt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 13.05.2010 1,53MB 4.30.2107.0 unbekannt OpenOffice.org 3.2 OpenOffice.org 09.10.2010 364MB 3.2.9502 benötigt Piggly FREE Oberon Media 13.05.2010 unnötig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.05.2010 6.0.1.5936 benötigt Skype Toolbars Skype Technologies S.A. 14.04.2011 7,67MB 5.3.7280 unnötig Skype™ 5.3 Skype Technologies S.A. 14.04.2011 22,5MB 5.3.108 benötigt Smileyville FREE Oberon Media 13.05.2010 unnötig Spotify Spotify AB 25.05.2012 0.8.3.222.g317ab79d benötigt SRS Premium Sound Control Panel SRS Labs, Inc. 13.05.2010 1,80MB 1.8.1200 benötigt tunebite 2.2.0.5 RapidSolution Software AG unbekannt USB 2.0 UVC 0.3M WebCam benötigt WIDCOMM Bluetooth Software Broadcom Corporation 13.05.2010 144MB 6.2.1.800 benötigt Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0) Broadcom 05/27/2009 6.1.7100.0 benötigt Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Broadcom 09/11/2009 6.2.0.9407 benötigt Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 07/28/2009 6.2.0.9800 benötigt Windows Live Anmelde-Assistent Microsoft Corporation 10.10.2010 1,93MB 5.000.818.6 unbekannt Windows Live Essentials Microsoft Corporation 05.10.2010 14.0.8050.1202 unbekannt Windows Live Sync Microsoft Corporation 05.10.2010 2,79MB 14.0.8050.1202 unbekannt Windows Live Upload Tool Microsoft Corporation 05.10.2010 224KB 14.0.8014.1029 unbekannt WinFlash unbekannt Wireless Console 3 ASUS 13.05.2010 2,43MB 3.0.12 unbekannt Geändert von maverick757 (12.07.2012 um 23:12 Uhr) Grund: Liste angefügt |
|
13.07.2012, 18:20
| #12 |
| /// Malware-holic | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung hi dann sprich das mal mit ihm ab die malware ist soweit runter aber der pc muss abgesichert werden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.07.2012, 19:16
| #13 |
| | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung Die Liste ist soweit fertig und mit ihm abgesprochen. Wodurch wurde die Malware denn jetzt entfernt? |
|
15.07.2012, 21:18
| #14 |
| /// Malware-holic | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung durch otl also ist die liste von oben die richtige?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.07.2012, 00:26
| #15 |
| | GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung Ja, die Liste kannst du so verwenden  |
|
| Themen zu GVU Trojaner (andere Version als 2.04) mit Webcam Fenster in der Warnung |
| alternate, aufrufe, autorun, besitzer, bho, bingbar, browser, defender, error, excel, firefox 13.0.1, flash player, google, gvu trojaner, install.exe, ip-adresse, microsoft office word, mozilla, office 2007, plug-in, programm, realtek, registry, rundll, scan, searchscopes, security, server, software, spotify web helper, svchost.exe, tcp, trojaner, udp, updates, usb, usb 2.0, warnung, webcam gvu trojaner, windows, windows internet, wlan verbindung |
Linear-Darstellung
