Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


Log-Analyse und Auswertung: GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.07.2012, 15:09   #1
Snoopy-Dog
 
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Standard

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


Hallo Zusammen,

ich habe mir heute den nervigen GVU Trojaner 2.07 eingefangen und brauche dringend Hilfe.

Hab das Ding mit Anti-Malware entfernt.

Log davon hier:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: WALLACE [Administrator]

16.07.2012 13:44:27
mbam-log-2012-07-16 (13-44-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246301
Laufzeit: 5 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
G:\Users\Martin\AppData\Local\Temp\fest0r_ot.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Hier das Log von OTL:

Code:
ATTFilter
OTL logfile created on: 7/16/2012 3:27:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = G:\Users\Tanja\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 49.73% Memory free
6.50 Gb Paging File | 4.68 Gb Available in Paging File | 72.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 292.97 Gb Total Space | 62.97 Gb Free Space | 21.49% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 67.97 Gb Free Space | 23.20% Space Free | Partition Type: NTFS
Drive G: | 112.69 Gb Total Space | 5.86 Gb Free Space | 5.20% Space Free | Partition Type: NTFS
Drive I: | 976.56 Gb Total Space | 10.59 Gb Free Space | 1.08% Space Free | Partition Type: NTFS
Drive J: | 7.79 Gb Total Space | 7.72 Gb Free Space | 99.15% Space Free | Partition Type: NTFS
 
Computer Name: WALLACE | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Users\Tanja\Downloads\OTL.exe (OldTimer Tools)
PRC - G:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - G:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - G:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - G:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - G:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Windows\explorer.exe (Microsoft Corporation)
PRC - G:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - G:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - G:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - G:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - G:\Windows\System32\atieclxx.exe (AMD)
PRC - G:\Windows\System32\atiesrxx.exe (AMD)
PRC - G:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - G:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - G:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - G:\Program Files\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - G:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - G:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - G:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - G:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3685.42422__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3685.42339__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3685.42379__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3685.42249__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3685.42359__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3685.42279__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3685.42353__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3685.42324__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3685.42310__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3685.42271__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3685.42263__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3685.42396__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3685.42395__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3685.42400__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3685.42396__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3685.42394__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3685.42331__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3685.42332__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3685.42394__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3685.42261__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3685.42380__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3685.42330__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3685.42422__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3685.42418__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3685.42313__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3685.42354__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3685.42326__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3685.42280__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3685.42344__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3685.42311__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3685.42305__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3685.42279__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3685.42312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3685.42320__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3685.42310__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3685.42312__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3685.42319__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3685.42284__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3685.42321__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3685.42237__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3685.42235__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3685.42371__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3685.42236__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3685.42241__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3685.42236__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3685.42247__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3685.42377__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3685.42244__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3685.42240__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3685.42387__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3685.42248__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3685.42244__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3685.42239__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3685.42393__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3685.42330__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3685.42378__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3685.42238__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3685.42238__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3685.42270__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3685.42261__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3685.42379__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3685.42238__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3685.42243__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3685.42352__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3685.42300__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3685.42276__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3685.42310__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3685.42261__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3685.42323__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3685.42262__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3685.42262__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3685.42275__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3685.42319__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3685.42248__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3685.42415__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3685.42364__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3685.42270__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3685.42372__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3685.42369__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3685.42246__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3685.42247__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3685.42245__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3685.42387__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3685.42241__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3685.42239__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3685.42240__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3685.42237__90ba9c70f846762e\APM.Foundation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3685.42269__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3685.42246__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3685.42245__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3685.42243__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3685.42256__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3685.42242__90ba9c70f846762e\APM.Server.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3685.42244__90ba9c70f846762e\AEM.Server.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3685.42254__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3685.42371__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3685.42255__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3685.42277__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - G:\Program Files\ATI\ATI.ACE\Branding\Branding.dll ()
MOD - G:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - G:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - G:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- G:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- G:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- G:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- G:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SamsungAllShareV2.0) -- G:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- G:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (avgwd) -- G:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AMD External Events Utility) -- G:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Fabs) -- G:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SensrSvc) -- G:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- G:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- G:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- G:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (FirebirdServerMAGIXInstance) -- G:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WcesComm) -- G:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- G:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (StarOpen) --  File not found
DRV - (jgjklf) -- G:\Windows\System32\drivers\yrjqvosb.sys ()
DRV - (MBAMSwissArmy) -- G:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AVGIDSHX) -- G:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- G:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- G:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- G:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- G:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- G:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- G:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- G:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (vpcvmm) -- G:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- G:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- G:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- G:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- G:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- G:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- G:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- G:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- G:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- G:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- G:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- G:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AnyDVD) -- G:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (tbhsd) -- G:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RRNetCapMP) -- G:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- G:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (SCDEmu) -- G:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SKYNET) -- G:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (atikmdag) -- G:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- G:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- G:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- G:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- G:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (mcdbus) -- G:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ovt530) -- G:\Windows\System32\drivers\ov530vid.sys (OmniVision Technologies, Inc.)
DRV - (MTsensor) -- G:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 2F 62 CD 59 4E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D4261820-1F3A-47B3-8570-B857B6CB1DC6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: G:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: G:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: G:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: G:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: G:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: G:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/01 17:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: G:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 17:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2012/06/01 22:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: G:\Programme\Mozilla Firefox\components [2012/06/01 22:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: G:\Programme\Mozilla Firefox\components [2012/06/01 22:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: G:\Program Files\Mozilla Thunderbird\components [2012/06/19 11:51:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: G:\Program Files\Mozilla Thunderbird\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: G:\Program Files\AVG\AVG2012\Thunderbird\ [2012/01/29 21:07:45 | 000,000,000 | ---D | M]
 
[2011/06/30 23:27:53 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010/03/13 14:33:41 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/30 23:27:53 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2012/07/06 18:08:21 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2bb36brz.default\extensions
[2012/05/23 23:09:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- G:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2bb36brz.default\extensions\ich@maltegoetz.de
[2012/03/24 23:36:53 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions
[2012/04/20 23:20:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- G:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/12 19:21:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- G:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/17 12:39:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/24 23:36:48 | 000,001,392 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/24 23:36:48 | 000,002,252 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/24 23:36:48 | 000,001,153 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/24 23:36:48 | 000,006,805 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/24 23:36:48 | 000,001,178 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/24 23:36:48 | 000,001,105 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = G:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = G:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Adobe Acrobat (Enabled) = G:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = G:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Orbit Downloader (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = G:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = G:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = G:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = G:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: VLC Web Plugin (Enabled) = G:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Die Siedler Online = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmhcglhfdnepmdeelgjfdjckclajkha\1.0.1_0\
CHR - Extension: Skype Click to Call = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Maps = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: AVG Do Not Track = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011/11/01 17:15:38 | 000,000,854 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - G:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - G:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] G:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AllShareAgent] G:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LexwareInfoService] G:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] G:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] G:\Program Files\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] G:\Program Files\MAGIX\Video_deluxe_17_Premium_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [AnyDVD] G:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [PureSync] G:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - HKCU..\Run: [Steam] "J:\Steam\Steam.exe" -silent File not found
O4 - HKCU..\Run: [Xvid] G:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] G:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: G:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk = G:\Program Files\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Download by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @G:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @G:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - G:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32D1B32D-1E3D-4E60-9EB4-35A17E650A21}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D862476E-33DA-4984-AB9F-E51E31F5632E}: DhcpNameServer = 0.0.0.0
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (AnyDiscHelp.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\Windows\system32\userinit.exe) - G:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/07 22:31:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\Shell - "" = AutoRun
O33 - MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\Shell - "" = AutoRun
O33 - MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/16 13:43:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/16 13:43:50 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Roaming\Malwarebytes
[2012/07/16 13:43:40 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/16 13:43:40 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes
[2012/07/16 13:43:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2012/07/16 13:43:39 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware
[2012/07/13 13:40:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mshtml.tlb
[2012/07/13 13:40:47 | 001,800,192 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript9.dll
[2012/07/13 13:40:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2012/07/13 13:40:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieUnatt.exe
[2012/07/13 13:40:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jsproxy.dll
[2012/07/13 13:40:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\inetcpl.cpl
[2012/07/13 13:40:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\url.dll
[2012/07/13 13:38:36 | 002,345,984 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32k.sys
[2012/07/13 13:38:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\cdosys.dll
[2012/07/13 13:37:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msxml3r.dll
[2012/07/13 13:37:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ncrypt.dll
[2012/07/12 22:50:49 | 000,000,000 | ---D | C] -- G:\Users\Martin\Documents\ArmA 2 Other Profiles
[2012/07/08 14:00:24 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Roaming\TS3Client
[2012/07/08 13:59:45 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/07/06 20:31:04 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Local\ArmA 2 OA
[2012/07/06 18:08:16 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/07/06 11:10:31 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/30 14:57:14 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
[2012/06/30 14:37:28 | 002,422,272 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wucltux.dll
[2012/06/30 14:37:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wups2.dll
[2012/06/30 14:37:22 | 000,577,048 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wuapi.dll
[2012/06/30 14:37:22 | 000,088,576 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wudriver.dll
[2012/06/30 14:37:22 | 000,035,864 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wups.dll
[2012/06/30 14:37:14 | 000,171,904 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wuwebv.dll
[2012/06/30 14:37:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wuapp.exe
[2012/06/23 16:05:35 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/16 15:09:05 | 000,054,016 | ---- | M] () -- G:\Windows\System32\drivers\yrjqvosb.sys
[2012/07/16 15:00:00 | 000,001,124 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001UA.job
[2012/07/16 14:56:00 | 000,001,098 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/16 14:55:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 13:44:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/16 13:43:40 | 000,001,036 | ---- | M] () -- G:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/16 13:42:56 | 004,503,728 | ---- | M] () -- G:\ProgramData\to_r0tsef.pad
[2012/07/16 13:37:05 | 000,001,094 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/16 10:41:34 | 000,016,944 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 10:41:34 | 000,016,944 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 10:37:03 | 101,553,324 | ---- | M] () -- G:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/16 10:33:36 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2012/07/16 10:33:34 | 2616,496,128 | -HS- | M] () -- G:\hiberfil.sys
[2012/07/14 17:57:15 | 000,720,996 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2012/07/14 17:57:15 | 000,661,704 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2012/07/14 17:57:15 | 000,158,094 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2012/07/14 17:57:15 | 000,130,408 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2012/07/13 20:00:00 | 000,001,072 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001Core.job
[2012/07/13 17:36:02 | 000,431,568 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2012/07/12 20:55:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerApp.exe
[2012/07/12 20:55:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/12 20:02:10 | 000,002,409 | ---- | M] () -- G:\Users\Martin\Desktop\Google Chrome.lnk
[2012/07/08 13:59:45 | 000,000,764 | ---- | M] () -- G:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/07/06 18:08:16 | 000,000,978 | ---- | M] () -- G:\Users\Martin\Desktop\Orbit.lnk
[2012/07/06 11:10:31 | 000,000,920 | ---- | M] () -- G:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2012/06/30 14:57:14 | 000,000,864 | ---- | M] () -- G:\Users\Public\Desktop\PureSync.lnk
[2012/06/29 00:39:37 | 000,178,357 | ---- | M] () -- G:\Windows\System32\drivers\AVG\iavichjg.avm
 
========== Files Created - No Company Name ==========
 
[2012/07/16 15:09:05 | 000,054,016 | ---- | C] () -- G:\Windows\System32\drivers\yrjqvosb.sys
[2012/07/16 13:43:40 | 000,001,036 | ---- | C] () -- G:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/16 11:31:04 | 004,503,728 | ---- | C] () -- G:\ProgramData\to_r0tsef.pad
[2012/07/08 13:59:45 | 000,000,764 | ---- | C] () -- G:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/07/06 11:34:05 | 000,000,884 | ---- | C] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2011/06/14 21:23:56 | 000,645,632 | ---- | C] () -- G:\Windows\System32\xvidcore.dll
[2011/06/14 21:23:56 | 000,240,640 | ---- | C] () -- G:\Windows\System32\xvidvfw.dll
[2011/03/05 15:52:23 | 000,080,896 | ---- | C] () -- G:\Windows\System32\RDVGHelper.exe
[2011/03/05 15:51:48 | 000,066,048 | ---- | C] () -- G:\Windows\System32\PrintBrmUi.exe
[2011/01/03 23:19:00 | 000,022,328 | ---- | C] () -- G:\Windows\System32\drivers\PnkBstrK.sys
[2011/01/03 23:18:45 | 000,022,328 | ---- | C] () -- G:\Users\Martin\AppData\Roaming\PnkBstrK.sys
[2011/01/03 23:18:16 | 000,103,736 | ---- | C] () -- G:\Windows\System32\PnkBstrB.exe
[2011/01/03 23:18:15 | 000,669,184 | ---- | C] () -- G:\Windows\System32\pbsvc.exe
[2011/01/03 23:18:15 | 000,066,872 | ---- | C] () -- G:\Windows\System32\PnkBstrA.exe
[2010/11/07 01:02:02 | 000,015,873 | ---- | C] () -- G:\Windows\System32\Inetde.dll
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- G:\Windows\System32\xlive.dll.cat
[2010/08/29 21:32:08 | 000,000,056 | -H-- | C] () -- G:\ProgramData\ezsidmv.dat
[2010/08/25 21:41:10 | 000,001,436 | ---- | C] () -- G:\Users\Martin\.recently-used.xbel
[2010/08/10 18:07:02 | 000,000,142 | ---- | C] () -- G:\Users\Martin\AppData\Roaming\default.rss
[2010/07/23 21:41:30 | 000,000,032 | ---- | C] () -- G:\Windows\CD_Start.INI
[2010/07/21 22:06:54 | 000,116,224 | ---- | C] () -- G:\Windows\System32\pdfcmnnt.dll
[2010/07/04 20:53:54 | 000,006,266 | -HS- | C] () -- G:\ProgramData\KGyGaAvL.sys
[2010/07/04 20:53:54 | 000,000,008 | RHS- | C] () -- G:\ProgramData\D0F605A352.sys
[2010/04/29 17:20:36 | 000,000,040 | -HS- | C] () -- G:\ProgramData\.zreglib
[2010/04/09 15:16:05 | 000,030,208 | ---- | C] () -- G:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 13:38:34 | 000,007,597 | ---- | C] () -- G:\Users\Martin\AppData\Local\Resmon.ResmonCfg
[2010/03/15 15:53:13 | 000,032,768 | ---- | C] () -- G:\Program Files\FritzReNew.exe
[2010/03/13 15:14:30 | 000,001,385 | ---- | C] () -- G:\Users\Martin\AppData\Roaming\mdbu.bin

< End of report >

Für schnelle Hilfe vorab vielen Dank.

Snoopy (alias Martin)

Alt 16.07.2012, 16:05   #2
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Standard

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei




Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{D4261820-1F3A-47B3-8570-B857B6CB1DC6}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
CHR - plugin: Google Update (Enabled) = G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
O4 - HKLM..\Run: [] File not found 
O4 - HKCU..\Run: [Steam] "J:\Steam\Steam.exe" -silent File not found 
O4 - HKCU..\Run: [Xvid] G:\Program Files\Xvid\CheckUpdate.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\Shell - "" = AutoRun 
O33 - MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\Shell\AutoRun\command - "" = J:\pushinst.exe 
O33 - MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\Shell - "" = AutoRun 
O33 - MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -a 
[2010/07/04 20:53:54 | 000,000,008 | RHS- | C] () -- G:\ProgramData\D0F605A352.sys 
[2012/07/16 15:00:00 | 000,001,124 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001UA.job 
[2012/07/16 14:56:00 | 000,001,098 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012/07/16 14:55:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/07/16 13:42:56 | 004,503,728 | ---- | M] () -- G:\ProgramData\to_r0tsef.pad 
[2012/07/16 13:37:05 | 000,001,094 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/13 20:00:00 | 000,001,072 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001Core.job 
[2012/07/16 11:31:04 | 004,503,728 | ---- | C] () -- G:\ProgramData\to_r0tsef.pad 
[2012/07/06 11:34:05 | 000,000,884 | ---- | C] () -- G:\Windows\tasks\Adobe Flash Player Updater.job 
[2010/07/04 20:53:54 | 000,006,266 | -HS- | C] () -- G:\ProgramData\KGyGaAvL.sys 
[2010/07/04 20:53:54 | 000,000,008 | RHS- | C] () -- G:\ProgramData\D0F605A352.sys 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 16.07.2012, 20:44   #3
Snoopy-Dog
 
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Standard

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


Hallo T.John,

danke für die schnelle Hilfe.

Was hab ich jetzt eigentlich genau bereinigt - bin da leide Laie.
Die gelöschen Einträge scheinen mir recht umfangreich und tw. auch von mir bekannten Anwendungen.

Hier das Ergebnis-Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4261820-1F3A-47B3-8570-B857B6CB1DC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4261820-1F3A-47B3-8570-B857B6CB1DC6}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid deleted successfully.
G:\Program Files\Xvid\CheckUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07212baf-96ca-11e1-8b04-002354083de4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07212baf-96ca-11e1-8b04-002354083de4}\ not found.
File J:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c5f7181-7d40-11df-a3f5-002354083de4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c5f7181-7d40-11df-a3f5-002354083de4}\ not found.
File P:\LaunchU3.exe -a not found.
G:\ProgramData\D0F605A352.sys moved successfully.
G:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001UA.job moved successfully.
G:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
G:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
G:\ProgramData\to_r0tsef.pad moved successfully.
G:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
G:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001Core.job moved successfully.
File G:\ProgramData\to_r0tsef.pad not found.
File G:\Windows\tasks\Adobe Flash Player Updater.job not found.
G:\ProgramData\KGyGaAvL.sys moved successfully.
File G:\ProgramData\D0F605A352.sys not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
G:\Users\Martin\Desktop\cmd.bat deleted successfully.
G:\Users\Martin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Martin
->Temp folder emptied: 265344429 bytes
->Temporary Internet Files folder emptied: 316966639 bytes
->Java cache emptied: 3477588 bytes
->FireFox cache emptied: 53133360 bytes
->Google Chrome cache emptied: 194214590 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
User: Tanja
->Temp folder emptied: 227652000 bytes
->Temporary Internet Files folder emptied: 115007829 bytes
->Java cache emptied: 38834 bytes
->FireFox cache emptied: 329915669 bytes
->Flash cache emptied: 17774 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 206571102 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 306206985 bytes
 
Total Files Cleaned = 1,925.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Martin
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tanja
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_213725

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Paßt das nun so und ist mein System jetzt wirklich wieder clean.
Danke für die Hilfe

Greeting
Snoopy
__________________
Alt 16.07.2012, 20:50   #4
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Standard

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


Sehr gut!

Wie laeuft der Rechner?

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.07.2012, 20:53   #5
Snoopy-Dog
 
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Standard

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


Hi,

das geht ja hier super schnell.
Rechner läuft bisher wieder stabil.
Weiß aber eben nicht ob er wirklich wieder clean ist.

Hier das Log:

Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 21:52:41
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Martin - WALLACE
# Running from : G:\Users\Martin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Orbit\OpenCandy

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : G:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2bb36brz.default\prefs.js

[OK] File is clean.

Profile name : default 
File : G:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9d7quoxn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1281 octets] - [16/07/2012 21:52:41]

########## EOF - G:\AdwCleaner[R1].txt - [1409 octets] ##########


Alt 16.07.2012, 21:04   #6
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Standard

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei

Alt 30.07.2012, 11:07   #7
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Standard

GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei
.dll, 32 bit, adblock, adobe, avg, bho, bonjour, branding, browser, ccc.exe, ctfmon.lnk, defender, desktop, downloader, dringend, explorer, firefox, flash player, format, google earth, helper, heuristiks/extra, heuristiks/shuriken, homepage, hängen, langs, logfile, microsoft office 2003, mom.exe, mozilla, plug-in, poweriso, registry, searchscopes, software, staropen, taskhost.exe, teamspeak, temp, trojaner, usb, win7 32 bit


« SUPERAntiSpyware nach Neuinstallation. | "Polizei Einheit 5.2" Trojaner »


Ähnliche Themen: GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei


  1. Sehr gefährlicher Trojaner unter Win7 Ultimate
    Plagegeister aller Art und deren Bekämpfung - 01.07.2015 (9)
  2. Laptop mit Windows 8 nach Malware Befall wirklich sauber? Logfiles anbei
    Log-Analyse und Auswertung - 30.12.2014 (9)
  3. ADWARE/InstallCore.Gen7 auf Rechner gefunden - Logfiles dazu anbei
    Log-Analyse und Auswertung - 22.12.2014 (7)
  4. BKA Trojaner WindowsXP OTL.txt Logfiles anbei
    Log-Analyse und Auswertung - 17.10.2013 (12)
  5. Online Banking - Bahn frei oder nicht? Logfiles anbei.
    Log-Analyse und Auswertung - 02.07.2013 (5)
  6. PC fährt spontan und ohne Anmeldung runter / Logfiles anbei
    Log-Analyse und Auswertung - 26.03.2013 (2)
  7. GUV Trojaner, OTL LogFiles anbei
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (11)
  8. Suisa Trojaner, Win7 64bit, Logfiles anbei
    Log-Analyse und Auswertung - 14.08.2012 (16)
  9. -Live Security Platinum- Logfiles anbei!
    Log-Analyse und Auswertung - 14.08.2012 (5)
  10. Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)
    Log-Analyse und Auswertung - 08.08.2012 (18)
  11. erbitte Hilfe: Bundespolizei Trojaner -0.9930813233754422.exe (Exploit.Drop.UR.2)-LOGFILES anbei
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (7)
  12. GVU Trojaner auf Win7 64bit - Logfiles
    Log-Analyse und Auswertung - 02.08.2012 (17)
  13. Suisa Trojaner, Win XP 32Bit, Logfiles Anbei
    Log-Analyse und Auswertung - 19.07.2012 (14)
  14. Achtung! Windows wurde aus Sicherheitsgründen heruntergefahren. (2 OTL Logfiles anbei)
    Log-Analyse und Auswertung - 11.03.2012 (3)
  15. Wie beseitige ich folgende Trojaner? Logfiles anbei
    Plagegeister aller Art und deren Bekämpfung - 06.08.2008 (3)
  16. KreditKA-Daten wurden ausgelesen - Logfiles anbei - bitte um Hilfe
    Log-Analyse und Auswertung - 09.06.2008 (3)
  17. Ein paar Viren + HotkeysH@@k irgendwo... Logfiles anbei!
    Plagegeister aller Art und deren Bekämpfung - 03.05.2008 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei - Hallo Zusammen, ich habe mir heute den nervigen GVU Trojaner 2.07 eingefangen und brauche dringend Hilfe. Hab das Ding mit Anti-Malware entfernt. Log davon hier: Code: Alles auswählen Aufklappen ATTFilter - GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei...
Archiv
Du betrachtest: GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55