| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner inkl. rundll-Probleme beim SystemstartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
15.07.2012, 16:56
| #1 |
 |  GVU Trojaner inkl. rundll-Probleme beim Systemstart Hallo, mich hat es auch mit dem Trojaner erwischt. Ich habe dann Avira DE Cleaner drüberlaufen lassen. Jetzt zeigt es beim Systemstart folgendes Problem an: RUNDLL: Fehler beim Laden ..../glom0_og.exe und Fehler beim Laden C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\msonem.dll Habe nun OTL installiert und wollte einen Qick-Scan machen, der bleibt aber beim Manuel File Scan hängen. Was kann man nun tun? Welche Daten fehlen noch zum besseren Verständnis? P.S. Für mich sind das alles spanische Dörfer, also bitte "kindgerecht" antworten! Vielen Dank schon im Voraus! Gruß Hans D. |
|
15.07.2012, 17:40
| #2 |
| /// Helfer-Team  | GVU Trojaner inkl. rundll-Probleme beim Systemstart 1. Schritt Neue Version! Bitte neu runterladen! Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
17.07.2012, 06:09
| #3 |
| | GVU Trojaner inkl. rundll-Probleme beim Systemstart Hallo und Danke schonmal vorab!
__________________Anbei der Scan von Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.16.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Besitzer :: MEIER [Administrator] 16.07.2012 19:59:53 mbam-log-2012-07-17 (06-58-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 424413 Laufzeit: 2 Stunde(n), 36 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 15.07.2012 18:25:53 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,98 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,66% Memory free 3,83 Gb Paging File | 3,17 Gb Available in Paging File | 82,84% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 45,12 Gb Free Space | 19,38% Space Free | Partition Type: NTFS Computer Name: MEIER | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.15 17:03:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe PRC - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012.06.30 17:00:06 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.08.23 13:14:20 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe PRC - [2010.04.08 15:59:26 | 000,286,720 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe PRC - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe PRC - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2006.03.09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2005.12.18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2004.12.13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe MOD - [2012.06.30 17:00:09 | 000,132,704 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll MOD - [2012.06.30 17:00:06 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2012.06.14 14:43:55 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.13 09:22:58 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.13 09:22:35 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.05.10 08:22:11 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 08:21:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.10 08:21:32 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll MOD - [2012.05.10 07:28:16 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.10 07:24:26 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.10 07:24:10 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.04.05 21:53:26 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2012.03.26 21:47:33 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.07.29 10:32:58 | 000,013,824 | ---- | M] () -- C:\Programme\1&1\1&1 EasyLogin\MasterLoginLibrary.dll MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll MOD - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe MOD - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe MOD - [2009.12.22 12:30:36 | 000,057,344 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\Hook.dll MOD - [2009.12.22 12:30:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\LGErrorHandler.dll MOD - [2009.12.22 12:30:30 | 000,012,288 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\GerRes.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.07.12 10:16:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.11.26 14:50:04 | 000,294,912 | ---- | M] (T-Systems Enterprise Services GmbH) [Disabled | Stopped] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService) SRV - [2007.04.21 15:54:10 | 000,052,080 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service) SRV - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.03.09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005.12.18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005.07.08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2004.12.13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.04.06 07:16:18 | 007,746,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2012.02.23 14:31:22 | 000,099,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService) DRV - [2011.12.19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw) DRV - [2011.12.19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis) DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips) DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs) DRV - [2011.11.29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd) DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE) DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP) DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL) DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150) DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.12.30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.12.22 12:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\LGPII2CDriver.sys -- (LGII2CDevice) DRV - [2009.12.22 12:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\LGI2CDriver.sys -- (LGDDCDevice) DRV - [2009.08.05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.02 21:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5) DRV - [2007.06.26 11:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket) DRV - [2007.03.05 07:01:18 | 000,039,184 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2007.03.05 06:51:24 | 000,034,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter) DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006.10.04 10:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2006.06.01 14:43:56 | 000,043,264 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2006.05.26 09:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.12.02 19:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32) DRV - [2005.07.08 16:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2005.07.08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2005.07.08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2005.07.08 16:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{6C34B1FE-7653-4092-B69A-C2658982CF44}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{F57594AD-0F09-4A72-8650-E74B8D68576F}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.04.18 18:03:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\11.1.0.12\ [2012.06.30 17:00:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.13 13:19:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.13 13:19:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.04.18 18:03:13 | 000,000,000 | ---D | M] [2011.02.02 10:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2012.06.26 13:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xbw050n0.default\extensions [2011.02.05 16:28:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xbw050n0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.13 13:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.12 08:51:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.30 17:00:03 | 000,003,750 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: 1und1 Suche () CHR - default_search_provider: search_url = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2011.12.23 13:13:18 | 000,440,018 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15128 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IntelAudioStudio] C:\Programme\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [msonem] rundll32.exe "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\msonem.dll",CleanupGlobalTempFiles File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [PowerBar] File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EasySetPackage.lnk = C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} hxxp://activex.microgaming.com/DLHelper/version7/DLHelper.cab (Download Helper Class) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.30 20:12:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.15 17:03:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.07.15 16:42:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\OTL.exe [2012.07.15 16:02:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.07.15 16:01:59 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2012.07.15 16:00:15 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\ccsetup320.exe [2012.07.13 13:19:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.07.13 13:19:41 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.07.05 07:01:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus [2012.07.04 20:55:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\adaware [2012.07.04 16:50:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus [2012.07.04 16:50:07 | 000,093,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbhips.sys [2012.07.04 16:50:07 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys [2012.07.04 16:50:07 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys [2012.07.04 16:50:06 | 000,217,976 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbtis.sys [2012.07.04 16:49:47 | 000,094,584 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SbFwIm.sys [2012.07.04 16:49:45 | 000,335,224 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SbFw.sys [2012.07.04 16:49:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD [2012.07.04 16:49:39 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus [2012.07.04 16:39:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ad-Aware Antivirus [2012.07.04 16:39:26 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Adaware_Installer.exe [2012.06.30 17:01:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Any Video Converter [2012.06.30 17:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AnvSoft [2012.06.30 17:00:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search [2012.06.30 17:00:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG Secure Search [2012.06.30 17:00:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search [2012.06.30 17:00:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search [2012.06.30 17:00:05 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search [2012.06.30 16:58:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2012.06.30 16:58:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AnvSoft [2012.06.30 16:58:27 | 000,000,000 | ---D | C] -- C:\Programme\AnvSoft [2012.06.30 16:57:17 | 029,522,488 | ---- | C] (Any-Video-Converter.com ) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\avc-free.exe [2012.06.21 17:16:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [2012.06.21 17:16:31 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2012.06.21 17:14:27 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2012.06.06 09:58:51 | 033,269,216 | ---- | C] (RIB Software AG ) -- C:\Dokumente und Einstellungen\Besitzer\avasign400.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.15 20:19:34 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.15 19:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.15 17:03:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.07.15 17:03:38 | 010,280,390 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\vlc-0.8.6d-win32.exe [2012.07.15 16:42:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\OTL.exe [2012.07.15 16:33:42 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2012.07.15 16:29:34 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.15 16:24:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.07.15 16:21:41 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2012.07.15 16:21:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.15 16:21:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.15 16:02:17 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.07.15 16:00:21 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\ccsetup320.exe [2012.07.15 15:02:18 | 000,027,423 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fenster-Zus-st._2012-07-15.pdf [2012.07.15 15:02:13 | 000,089,199 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-3_Müller_2012-07-14.pdf [2012.07.15 15:02:10 | 000,150,405 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-2_Müller_2012-07-14.pdf [2012.07.15 15:02:05 | 000,177,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-1_Müller_2012-07-14.pdf [2012.07.15 13:19:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.07.15 12:00:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.07.13 13:24:17 | 000,289,758 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\geprüfte 1. ARE Fa. Meier.pdf [2012.07.13 13:24:15 | 000,144,889 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Rechnungsprüfung 1. ARE Fa. Meier.pdf [2012.07.13 13:19:46 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.07.13 09:05:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.07.13 08:40:35 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad [2012.07.12 22:43:33 | 000,001,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.07.12 22:43:33 | 000,001,833 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Avira DE-Cleaner.lnk [2012.07.12 22:43:19 | 000,883,840 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Avira-DE-Cleaner.exe [2012.07.12 18:24:20 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk [2012.07.12 11:41:40 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.07.11 10:43:48 | 002,545,098 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\S36C-112071109520.pdf [2012.07.11 08:44:05 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.11 08:26:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.07.10 16:38:44 | 000,348,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fensterverkleinert.bmp [2012.07.10 10:47:36 | 000,018,436 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\heid88113956.pdf [2012.07.10 07:19:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.07.06 18:21:21 | 003,294,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120130_Planung_FE_NW_10a.pdf [2012.07.06 18:21:14 | 000,618,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120228_ANS_S+N.pdf [2012.07.06 18:21:10 | 000,682,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120627_Angebotsanfr_FE_NW-10a.pdf [2012.07.06 18:12:22 | 000,152,379 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Details BV Bennewitz.pdf [2012.07.06 17:56:58 | 000,169,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.04 20:55:46 | 000,000,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\FSSC.dat [2012.07.04 16:39:35 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Adaware_Installer.exe [2012.07.04 09:49:03 | 000,028,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\LV Auszug Bürgerhaus ME Küchen.pdf [2012.07.04 08:59:58 | 000,262,790 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Teeküche OG.pdf [2012.07.04 08:59:18 | 000,385,603 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche DG.pdf [2012.07.04 08:58:46 | 000,377,355 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche EG.pdf [2012.07.04 07:43:19 | 000,158,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\MerkblattThermischerSpannungsbruch_132089_DE.pdf [2012.07.03 16:39:16 | 001,213,078 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Preisliste_2012 Cortex.pdf [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.07.03 09:08:00 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.07.03 09:08:00 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.07.02 12:02:35 | 000,270,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\133603.pdf [2012.06.30 16:58:00 | 029,522,488 | ---- | M] (Any-Video-Converter.com ) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\avc-free.exe [2012.06.28 17:26:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.21 17:16:51 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.06.21 16:58:38 | 000,156,107 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Angebot.pdf [2012.06.20 12:53:41 | 000,073,653 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Aufheizprotokoll und CM Messung Caliebe.pdf [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.15 16:02:16 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.07.15 15:02:18 | 000,027,423 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fenster-Zus-st._2012-07-15.pdf [2012.07.15 15:02:13 | 000,089,199 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-3_Müller_2012-07-14.pdf [2012.07.15 15:02:09 | 000,150,405 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-2_Müller_2012-07-14.pdf [2012.07.15 15:02:02 | 000,177,689 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-1_Müller_2012-07-14.pdf [2012.07.13 13:24:17 | 000,289,758 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\geprüfte 1. ARE Fa. Meier.pdf [2012.07.13 13:24:13 | 000,144,889 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Rechnungsprüfung 1. ARE Fa. Meier.pdf [2012.07.13 13:19:46 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.07.12 22:43:33 | 000,001,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.07.12 22:43:32 | 000,001,833 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Avira DE-Cleaner.lnk [2012.07.12 22:43:18 | 000,883,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Avira-DE-Cleaner.exe [2012.07.12 18:24:20 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk [2012.07.12 18:24:19 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad [2012.07.11 10:43:44 | 002,545,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\S36C-112071109520.pdf [2012.07.10 16:38:43 | 000,348,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fensterverkleinert.bmp [2012.07.10 10:47:35 | 000,018,436 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\heid88113956.pdf [2012.07.06 18:21:16 | 003,294,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120130_Planung_FE_NW_10a.pdf [2012.07.06 18:21:13 | 000,618,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120228_ANS_S+N.pdf [2012.07.06 18:21:09 | 000,682,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120627_Angebotsanfr_FE_NW-10a.pdf [2012.07.06 18:12:22 | 000,152,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Details BV Bennewitz.pdf [2012.07.05 07:03:11 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.07.04 20:55:46 | 000,000,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\FSSC.dat [2012.07.04 16:50:09 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2012.07.04 09:48:59 | 000,028,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\LV Auszug Bürgerhaus ME Küchen.pdf [2012.07.04 08:59:58 | 000,262,790 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Teeküche OG.pdf [2012.07.04 08:59:18 | 000,385,603 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche DG.pdf [2012.07.04 08:58:46 | 000,377,355 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche EG.pdf [2012.07.04 07:43:18 | 000,158,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\MerkblattThermischerSpannungsbruch_132089_DE.pdf [2012.07.03 16:39:14 | 001,213,078 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Preisliste_2012 Cortex.pdf [2012.07.02 12:02:34 | 000,270,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\133603.pdf [2012.06.21 17:16:51 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.06.21 17:14:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.06.21 17:14:29 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk [2012.06.21 16:58:37 | 000,156,107 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Angebot.pdf [2012.06.20 12:53:41 | 000,073,653 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Aufheizprotokoll und CM Messung Caliebe.pdf [2012.04.26 12:19:53 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2012.04.26 12:19:51 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012.04.26 12:19:51 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2012.04.12 07:59:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\RBuilder.ini [2012.02.16 08:07:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.05.15 01:42:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.05.15 01:42:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.05.04 13:25:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LGErrorHandler.dll [2011.03.09 11:16:42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.02.02 09:28:30 | 000,003,565 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\.recently-used.xbel [2010.12.25 16:09:07 | 000,029,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.14 13:52:15 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\BieterModul.ini [2009.03.07 13:13:10 | 000,282,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici_nav.dat [2009.03.07 13:12:40 | 000,003,021 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici.dat [2009.03.07 13:12:40 | 000,001,920 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici_navps.dat [2006.10.20 17:55:27 | 000,169,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.10.06 07:05:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.10.02 19:07:17 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe [2006.09.30 21:32:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.09.30 20:59:21 | 000,016,896 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\so_icon_lib.dll ========== LOP Check ========== [2012.07.04 20:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection [2012.07.12 18:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search [2007.11.21 18:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2010.12.23 08:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.06.30 16:58:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2009.03.03 18:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1 [2009.01.04 15:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage [2007.10.10 16:15:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MGS [2010.04.18 18:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2010.04.18 18:09:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.04.15 11:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2009.03.30 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.03.30 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager [2006.10.05 23:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011.03.14 15:35:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{411234A5-A7C5-4628-A4D3-64C942F8C38C} [2010.12.25 15:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2007.06.16 08:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\1&1 [2012.07.06 07:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ad-Aware Antivirus [2011.11.17 22:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\adawaretb [2012.06.30 17:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AnvSoft [2012.06.30 17:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG Secure Search [2010.12.23 08:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Buhl Data Service [2011.02.01 08:14:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Buhl Data Service GmbH [2011.06.17 07:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Foxit Software [2011.02.02 09:28:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gtk-2.0 [2010.05.23 15:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Imaxel [2006.10.02 23:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InterTrust [2006.09.30 20:59:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InterVideo [2009.03.27 12:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Leadertech [2011.02.01 08:14:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\LetsTrade [2010.04.18 18:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia [2011.04.18 16:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ntr [2011.09.10 14:27:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Suite [2011.03.11 12:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge [2012.04.12 10:28:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RavensburgerTipToi [2011.11.02 17:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings [2009.01.04 15:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\sizling [2009.04.01 07:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\T-Online [2012.04.26 12:01:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer [2012.07.15 12:00:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.07.13 09:05:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.07.2012 18:25:53 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,66% Memory free
3,83 Gb Paging File | 3,17 Gb Available in Paging File | 82,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 45,12 Gb Free Space | 19,38% Space Free | Partition Type: NTFS
Computer Name: MEIER | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
http [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
https [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1391:UDP" = 1391:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
"1390:UDP" = 1390:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
"1398:UDP" = 1398:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\VectorWorks 11\VectorWorks.exe" = C:\Programme\VectorWorks 11\VectorWorks.exe:*:Disabled:VectorWorks Application -- (Nemetschek North America, Inc.)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe" = C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe:*:Enabled:T-Online Browser 6.0 Download Manager -- (Deutsche Telekom AG)
"C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0I9LGFTL\NTRsupport_99503[1].exe" = C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0I9LGFTL\NTRsupport_99503[1].exe:*:Enabled:NTRsupport
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\adawaretb\dtUser.exe" = C:\Programme\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00DF228D-0F08-9C76-F2D9-2FB5000439EB}" = CCC Help Thai
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (CANTOR2005)
"{03D375B0-8750-5182-0F7A-2E7478EB53F6}" = CCC Help Finnish
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04B7FE00-9D1E-FAB5-6AE3-9570CCF43058}" = CCC Help Japanese
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07AC654E-38B1-410A-E655-7C7D975F9986}" = Catalyst Control Center InstallProxy
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0AF50818-4920-620E-C71B-7EE0440AE1EC}" = CCC Help Korean
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{13CEE5F4-1E7D-44F8-B77E-6B805680863F}" = Microsoft SQL Server 2008 R2 Native Client
"{1559D65C-9467-4CC7-B826-6CEFB73A6E45}" = Premium VoIP Offers
"{173C262F-8474-4118-8BF3-02BFDFA00AC9}" = UPE2009
"{18EC172E-2FBB-1C87-36D5-D87C3FF393D3}" = CCC Help French
"{1902A37F-C3F4-4984-AD67-81309B3B2E64}" = Diskeeper Home Edition
"{1962E9F3-7870-DA54-3A18-2669DF9DE216}" = ccc-utility
"{1C01FF9E-2267-4100-AD37-9162D698D160}" = Cantor 2010.2 Prerequisites
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D9B22F5-D40C-38FA-46E4-11D8E0F0CB95}" = CCC Help Polish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21082652-1361-FA14-14C2-6048A6B30209}" = CCC Help Chinese Standard
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7
"{240D4AC7-F7BC-4B51-898E-E4CB86485ECE}" = Intel Audio Studio 2.0
"{24A4214B-819F-D5C8-3EB6-23098FD0E7E4}" = CCC Help Turkish
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29C699E7-103E-4DB0-BEBC-EEC36F24FDDC}" = UPE2011
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D2B857A-2D9A-62EC-0C8B-143A67D44BAA}" = CCC Help Spanish
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{356B2830-696A-888B-F501-9223ABF478FB}" = CCC Help Czech
"{3DECEA7E-BC27-5B1D-10CE-CB1BBA0DD4CA}" = Catalyst Control Center Graphics Previews Common
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41245369-03C6-873A-0E5A-F5296A1213B9}" = CCC Help Hungarian
"{41FADB1B-BCF0-4D97-8A6D-EC7A4A9E021E}" = Cantor Crystal Reports 10 Components
"{45EB96EE-AC25-5797-FAC5-78025043708F}" = Catalyst Control Center
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59CB0414-01D1-D394-5CD7-8A6845F45947}" = CCC Help Italian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A79D3F9-1EB9-424A-A4EB-721677E56740}" = Install Intel Desktop Utilities
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{66615E72-0F55-4D4F-8320-DF89ABB39A95}" = Cantor Crystal Reports 11.5 Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0B6D9B-9C27-095E-33CE-057D2677C80F}" = CCC Help Russian
"{6FFC6CC9-56B4-428C-ADAF-AFEBF896EA22}" = Cantor Crystal Reports 11.5 Components V3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7803FC29-BB90-F52B-13F6-BC480DFB0ACD}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACCB284-D190-411B-B1B9-1DBD4BFDACE1}" = Unilux Partner EDV
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{841AEB60-5A7E-481E-93AD-F456065DE2F1}" = Cantor 2006.1 Prerequisites
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9D738A-2C30-4574-90FE-E6B4F6065D48}" = Bluesoleil3.2.2.8 Release 070421
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911FEE13-483C-CABD-B024-993E97A07F18}" = CCC Help Dutch
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986D042E-5211-3D34-0DB0-2FB3FFF00C39}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A057B18B-71F3-7C99-5948-7727EC9C0923}" = CCC Help Portuguese
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACD8576E-C02F-0118-9D06-2E65BCEC3540}" = CCC Help English
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBEDBF2-0095-A8BD-891E-E3245D388F90}" = CCC Help German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D158588C-B6A4-636B-2A24-38C15EAD2D5C}" = Catalyst Control Center Localization All
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D638323B-6AEF-4190-ABB4-AF2F4AFE75DB}" = Cantor 2008.2 Prerequisites
"{D67107F9-3DFB-9D54-434B-028CA4F1ADF2}" = AMD Catalyst Install Manager
"{DBBD6080-FB66-FD07-EE8B-7B0D5EA509A9}" = CCC Help Chinese Traditional
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F89FD8CD-FC96-4F75-8376-3C3C292907D5}" = Intel Special Offers
"{FB53C441-9BF0-30F4-6537-F7A3F26058C5}" = CCC Help Norwegian
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF34CC98-7A5D-FDA1-3EE9-CF628A45EA4F}" = CCC Help Greek
"1&1 EasyLogin" = 1&1 EasyLogin
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.9
"ava-sign 4.2.10.1919_is1" = ava-sign 4.2.10.1919 -
"ava-sign 4.2.7.1832_is1" = ava-sign 4.2.7.1832
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"CadStd" = CadStd
"CCleaner" = CCleaner
"Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Active Client Manager 2.0 HECI Driver
"Home Media Server 4.1.4.0067" = Home Media Server 4.1.4.0067
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"Installationsauswahl" = Installationsauswahl
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Picasa 3" = Picasa 3
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"UPE 2000 5.3" = UPE 2000 5.3
"UPE 2000 5.3 Arbeitsplatz" = UPE 2000 5.3 Arbeitsplatz
"VectorWorks 11" = VectorWorks 11
"ventasoft Demo-Filme_is1" = Lernvideos für Bieter
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"YASA VOB to MP4 Converter v3.9 (build 0059)" = YASA VOB to MP4 Converter v3.9 (build 0059)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.07.2012 01:08:53 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung kernel.exe, Version 2.21.0.4, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.07.2012 01:09:13 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung kernel.exe, Version 2.21.0.4, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.07.2012 02:23:17 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.7.0.4, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.07.2012 05:12:36 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.7.0.4, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.07.2012 05:32:24 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.150.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.07.2012 05:36:39 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.150.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.07.2012 11:02:23 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.07.2012 11:03:04 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.07.2012 11:03:14 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.07.2012 11:46:59 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 13.04.2010 05:40:40 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1160
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 01.04.2011 10:57:31 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 904
seconds with 780 seconds of active time. This session ended with a crash.
Error - 14.01.2012 14:20:59 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1726
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.07.2012 03:36:50 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 13.07.2012 03:36:54 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 13.07.2012 03:36:59 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 13.07.2012 03:37:03 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 13.07.2012 03:37:07 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 13.07.2012 04:17:36 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
Error - 14.07.2012 04:16:52 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
Error - 15.07.2012 05:19:06 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
Error - 15.07.2012 09:32:53 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
Error - 15.07.2012 10:23:12 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
< End of report >
|
|
17.07.2012, 16:00
| #4 |
| /// Helfer-Team | GVU Trojaner inkl. rundll-Probleme beim Systemstart Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
PRC - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.06.30 17:00:06 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
PRC - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}: "URL" = http://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{6C34B1FE-7653-4092-B69A-C2658982CF44}: "URL" = http://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}: "URL" = http://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{F57594AD-0F09-4A72-8650-E74B8D68576F}: "URL" = http://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [msonem] rundll32.exe "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\msonem.dll",CleanupGlobalTempFiles File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKCU..\Run: [PowerBar] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
[2012.07.13 08:40:35 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad
[2012.07.12 18:24:20 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.12 18:24:20 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.12 18:24:19 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
17.07.2012, 17:56
| #5 |
| | GVU Trojaner inkl. rundll-Probleme beim Systemstart Hallo, wiederum nochmals Danke. Anbei der Inhalt des Logfiles Code:
ATTFilter All processes killed
========== OTL ==========
No active process named ToolbarUpdater.exe was found!
No active process named vprot.exe was found!
No active process named c2c_service.exe was found!
No active process named adawarebp.exe was found!
No active process named TestDDCCI.exe was found!
No active process named EasySetPackage.exe was found!
Service Skype C2C Service stopped successfully!
Service Skype C2C Service deleted successfully!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C34B1FE-7653-4092-B69A-C2658982CF44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C34B1FE-7653-4092-B69A-C2658982CF44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F57594AD-0F09-4A72-8650-E74B8D68576F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F57594AD-0F09-4A72-8650-E74B8D68576F}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msonem deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PowerBar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk moved successfully.
File C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Besitzer\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Besitzer
->Temp folder emptied: 1046053854 bytes
->Temporary Internet Files folder emptied: 43265757 bytes
->Java cache emptied: 28645182 bytes
->FireFox cache emptied: 59872344 bytes
->Flash cache emptied: 1891179 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4482442 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5704129 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.137,00 mb
[EMPTYFLASH]
User: All Users
User: Besitzer
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_184626
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat not found!
PendingFileRenameOperations files...
File C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat not found!
Registry entries deleted on Reboot...
|
|
17.07.2012, 19:36
| #6 |
| /// Helfer-Team | GVU Trojaner inkl. rundll-Probleme beim Systemstart Sehr gut!  Wie laeuft der Rechner? Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> GVU Trojaner inkl. rundll-Probleme beim Systemstart |
|
18.07.2012, 06:10
| #7 |
| | GVU Trojaner inkl. rundll-Probleme beim Systemstart Hallo, der Rechner läuft jetzt wieder wie ein Schnitzel! Anbei die Logdatei! Code:
ATTFilter Folder Found : C:\Programme\Gemeinsame Dateien\spigot
File Found : C:\Programme\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Programme\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Found : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
[HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://www.1und1.de
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=nt
*************************
AdwCleaner[R1].txt - [7488 octets] - [18/07/2012 07:05:50]
########## EOF - C:\AdwCleaner[R1].txt - [7616 octets] ##########
|
|
18.07.2012, 08:13
| #8 |
| /// Helfer-Team | GVU Trojaner inkl. rundll-Probleme beim Systemstart Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
18.07.2012, 18:33
| #9 |
| | GVU Trojaner inkl. rundll-Probleme beim Systemstart Hallo, anbei die gewünschten Logdateien. Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/18/2012 at 15:10:28
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Besitzer - MEIER
# Running from : C:\Dokumente und Einstellungen\Besitzer\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG Secure Search
Folder Deleted : C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge
Folder Deleted : C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Folder Deleted : C:\Programme\Application Updater
Folder Deleted : C:\Programme\AVG Secure Search
Folder Deleted : C:\Programme\pdfforge Toolbar
Deleted on reboot : C:\Programme\Gemeinsame Dateien\AVG Secure Search
Folder Deleted : C:\Programme\Gemeinsame Dateien\spigot
File Deleted : C:\Programme\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Deleted : C:\Programme\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://www.1und1.de --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=nt --> hxxp://www.google.com
*************************
AdwCleaner[R1].txt - [7617 octets] - [18/07/2012 07:05:50]
AdwCleaner[S1].txt - [7784 octets] - [18/07/2012 15:10:28]
########## EOF - C:\AdwCleaner[S1].txt - [7912 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 18.07.2012 15:28:52
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 18.07.2012 15:29:23
C:\System Volume Information\_restore{09B6A9D9-D5C9-4C38-9F74-23241906A064}\RP1820\A0209842.exe gefunden: SoftwareBundler.Win32.KaZaA!E2
C:\Programme\T-Online\T-Online_Software_6\Messenger\Clean.exe gefunden: Trojan.SuspectCRC!E2
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Programme\MediaLoads\v1\ML.exe gefunden: AdWare.Win32.MediaLoads!E2
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\GDE3OHYB\0518[1].htm gefunden: AdWare.JS.CountXES!E2
Gescannt 699161
Gefunden 4
Scan Ende: 18.07.2012 19:25:50
Scan Zeit: 3:56:27
|
|
18.07.2012, 20:49
| #10 |
| /// Helfer-Team | GVU Trojaner inkl. rundll-Probleme beim Systemstart Sehr gut! Lasse die Funde loeschen danach: Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
|
|
19.07.2012, 09:02
| #11 |
| | GVU Trojaner inkl. rundll-Probleme beim Systemstart Hallo, die Funde von Emsisoft waren nicht mehr da. Hab´s nochmal drüberlaufen lassen, hat nichts mehr gefunden! Anbei der gewünschte Log Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# BROWSER.EXE=6.13.150.3
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d9438a796e00474ca529ae0aadb24d4c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 07:49:20
# local_time=2012-07-19 09:49:20 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 3000603 3000603 0 0
# compatibility_mode=8192 67108863 100 0 257 257 0 0
# scanned=275536
# found=1
# cleaned=0
# scan_time=9497
C:\_OTL\MovedFiles\07172012_184626\C_Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
|
|
19.07.2012, 09:28
| #12 |
| /// Helfer-Team | GVU Trojaner inkl. rundll-Probleme beim Systemstart Sehr gut! damit bist Du sauber und entlassen!  Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html |
|
20.07.2012, 06:07
| #13 |
| | GVU Trojaner inkl. rundll-Probleme beim Systemstart Ok, vielen Dank nochmals!  |
|
| Themen zu GVU Trojaner inkl. rundll-Probleme beim Systemstart |
| anwendungsdaten, avira, besitzer, bessere, cftmon.lnk, cleaner, dokumente, einstellungen, fehler beim laden glom0_og.exe, folgendes, go_0molg.pad, gvu trojaner, gvu trojaner entfernen, gvu trojaner entfernen windows xp, gvu trojaner mit webcam, hänge, laden, manuel, systems, systemstart, trojaner, webcam gvu trojaner, webcamfenster, worte |
Hybrid-Darstellung
