|
Log-Analyse und Auswertung: GVU-Trojaner, Win7, 64bitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.07.2012, 21:11 | #1 | |
| GVU-Trojaner, Win7, 64bit Hallo! Ich habe mir heute einen GVU-Trojaner zugezogen, konnte dank der Anleitung von Chip.de immerhin schonmal einen Neustart im abgesicherten Modus durchführen. Den vollständigen Scan mit Malwarebytes habe ich durchgeführt, hier das Ergebnis: Zitat:
MfG, Ceremony. Geändert von ceremony (25.07.2012 um 21:23 Uhr) |
27.07.2012, 13:26 | #2 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
10.08.2012, 19:30 | #3 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit Fehlende Rückmeldung
__________________Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ |
13.08.2012, 22:48 | #4 |
| GVU-Trojaner, Win7, 64bit Tut mir leid, dass ich jetzt erst antworte, ich hatte längere Zeit keinen Zugang zu diesem PC. Hier die Ergebnisse des OTL-Scans: Code:
ATTFilter OTL Extras logfile created on: 13.08.2012 22:54:06 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Muster\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,62% Memory free 7,93 Gb Paging File | 5,78 Gb Available in Paging File | 72,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 84,11 Gb Free Space | 56,43% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 138,65 Gb Free Space | 93,27% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 395,79 Gb Free Space | 84,98% Space Free | Partition Type: NTFS Computer Name: MUSTER | User Name: MUSTER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F7B7B07-289C-4DF2-B6D3-436869486D96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1082A0A5-2139-4254-8B4F-126E4A36CC5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A4165ED-E622-4A3E-96E7-07FFB806F712}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3A0F6337-37AF-407D-B0AE-61083FFC6245}" = lport=139 | protocol=6 | dir=in | app=system | "{46EC443E-5D67-43DE-A2BE-75572BF23B8E}" = lport=2869 | protocol=6 | dir=in | app=system | "{487E82B7-DC4C-48AE-BB9F-1B56C3149E77}" = rport=137 | protocol=17 | dir=out | app=system | "{4E6F4F3C-E7EA-4D1F-8EE4-3DE903C24291}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{50DD8446-F4CB-4400-B117-E57C97DDE9FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{58BF1926-D253-4457-B6B9-63DECB8C2F84}" = lport=137 | protocol=17 | dir=in | app=system | "{72FC0567-3DEE-4D12-ACAC-252E56B41049}" = lport=10243 | protocol=6 | dir=in | app=system | "{75F1E3BF-57DA-4CDA-8FD3-18327482025A}" = rport=138 | protocol=17 | dir=out | app=system | "{78A5126B-E567-4320-B660-4D0801AE7343}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{812D9F19-23E7-47AB-80AD-3C63410113F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8848FDAB-E380-4EC7-ADEF-AC9B0FDDB884}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{938B38F8-DE92-46F9-B54D-FCB25873699C}" = lport=138 | protocol=17 | dir=in | app=system | "{9F1054F0-08E3-4079-8C28-E1E5D03B8C29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A80D8F59-7F7A-44D7-9C7F-84CBAA3B4C23}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B1317D5E-5692-4FDF-B6BC-4E9E59F6BAF8}" = lport=2869 | protocol=6 | dir=in | app=system | "{BB51B39A-E497-4C21-B970-412144D48DAF}" = rport=10243 | protocol=6 | dir=out | app=system | "{CE634FF2-700C-461E-A150-421B8EC46B12}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF50896D-6857-4954-B7C2-55ABE4E013CD}" = rport=139 | protocol=6 | dir=out | app=system | "{EC9ED790-08F4-473E-B98D-55A3E422B503}" = rport=445 | protocol=6 | dir=out | app=system | "{F09BC853-E428-48EF-B6F8-252558F0B837}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01EDD12E-AF3C-4D53-9646-21BF6B4FEEA0}" = protocol=6 | dir=out | app=system | "{0363FC25-276D-42EA-85E0-49CDB9F56DFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{03C37CA1-894F-4149-BDA1-BDC382EC6184}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{046F2664-2F26-44EE-A9BC-594AA2043797}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{05B18C99-66EF-4E1A-9210-64FF5413D44F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{148E02F4-1801-419B-AC2E-B776D3DC67CD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{1684E112-8CF5-49FB-8558-3F87A31F6414}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1B38C172-1D33-4729-B171-E71A7C807573}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{41839C03-D28B-440A-B8B0-317182192DB2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4CA8BA81-989F-472A-AD0A-C6D7FA2A037D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F963B9A-AC62-4B81-88D3-B08104C7A8F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{53648F6A-AAB7-4ED9-BEBC-14E86F0A8812}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{5ADCE308-CC0B-4C0C-AA56-3F881B485E66}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{601A0612-AB35-4E44-A7C3-9CA051CB1446}" = dir=in | app=c:\program files (x86)\finaltorrent\finaltorrent.exe | "{664AE0B3-4DFA-4D4E-A057-56EE7AAF119C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{67037F2D-EB08-422B-9F46-0A0483EB36FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6835C442-8FE3-4A39-9F9F-5B53C7ACD924}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{68518721-331D-4FB7-8CCE-664F9CF69319}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{778AA8A9-59FE-40FB-8FA6-7B16FE3B2A3C}" = dir=in | app=c:\program files (x86)\finaltorrent\ftcheckforupdates.exe | "{8516A2EB-BE36-4A0A-A0E8-E794EA0A14B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{89275F09-C06D-4581-BA01-69BEBE146459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8A03AA71-F7F7-46E9-8A79-729F0B73D9B0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{92180CC8-211D-4FE0-B4DD-EFC2286F0202}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{A1260A08-0467-4139-999A-9B7F11944E20}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{B2F683F2-0C13-474F-A2E6-D3B5654EB441}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B4F5F8A3-6D57-4A37-B52E-43E657E8CD12}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B51B0DE3-CC66-4A0C-A93D-77AE52C89900}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B88F3854-229A-4571-8913-BA6451276128}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BA5308A0-993C-4700-8CA2-E69E7C223ADC}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{BA852ED4-F538-43E5-991D-FE772C56F610}" = protocol=17 | dir=in | app=e:\alicecd.exe | "{C7481280-28EC-43F2-928C-FA983869143B}" = protocol=6 | dir=in | app=e:\alicecd.exe | "{C79C4EEB-E887-4C3B-8EAB-520D6F02A96B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{CB508994-85A2-4C0E-8B37-1D6F74ED5FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D4543244-B517-4A1E-B7F3-6EA41D7BB823}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DCFBE03A-B339-4D20-8906-E8AEA2064490}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{DDB4DDE7-065E-425D-AF20-BC1923FBA6D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E2EB3D25-B66D-4B33-AECB-734312593DE0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F0FE7D63-0CB3-4071-867E-B4B8F7BFFC56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F595B3F4-80B6-424E-9C4B-B6B913D91831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD9719A1-7159-480C-BD49-033C6DB5ECA1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "TCP Query User{703F7DA4-1283-485E-A744-59CBEAAB1CE5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{CA58AFAB-29FB-4BFD-BD6C-E66FD3287BF1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{D4950543-BCBA-4277-80DF-AF7BB10020BF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{3BB9A691-A743-4678-892D-AC20FDB048AE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{532E04F3-320B-43DC-AABB-5D072AC69E40}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{76CA77DE-5C34-4517-952B-D398991E2F5F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers "{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "CCleaner" = CCleaner "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai "{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite "{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese "{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish "{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{949D34E5-F53F-4830-9A50-1E2C39109043}_is1" = PNotes 8.5.106 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista "{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New "{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian "{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch "Ace Zip v 3.2_is1" = Ace Zip 3.2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "avast" = avast! Free Antivirus "Canon MP250 series Benutzerregistrierung" = Canon MP250 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook "FinalTorrent_is1" = FinalTorrent 2011 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Nokia Ovi Suite" = Nokia Ovi Suite "NSS" = Norton Security Scan "RarZilla Free Unrar" = RarZilla Free Unrar "SWI-Prolog" = SWI-Prolog (remove only) "Trusted Software Assistant_is1" = File Type Assistant "WinAce Archiver" = WinAce Archiver "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Antivirus Events ] Error - 28.11.2009 09:05:31 | Computer Name = FLORIAN-TOSH | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 09.07.2011 10:11:44 | Computer Name = FLORIAN-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7601.17622, Zeitstempel: 0x4de0795b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0015e787 ID des fehlerhaften Prozesses: 0xf80 Startzeit der fehlerhaften Anwendung: 0x01cc3e41cd4a2aa2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\mshtml.dll Berichtskennung: 5f81b382-aa35-11e0-a08f-00262235917f Error - 09.07.2011 19:33:08 | Computer Name = FLORIAN-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04246c83 ID des fehlerhaften Prozesses: 0xe4 Startzeit der fehlerhaften Anwendung: 0x01cc3e8a86fad241 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: cd04d85b-aa83-11e0-a08f-00262235917f Error - 11.07.2011 09:26:50 | Computer Name = FLORIAN-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce653 ID des fehlerhaften Prozesses: 0x1abc Startzeit der fehlerhaften Anwendung: 0x01cc3fcab2ef4617 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 6e7f23e0-abc1-11e0-ab1f-00262235917f Error - 11.07.2011 18:59:37 | Computer Name = FLORIAN-TOSH | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 650 Startzeit: 01cc3f28d37cfaae Endzeit: 18 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 70c8bb26-ac11-11e0-ab1f-00262235917f Error - 12.07.2011 05:40:26 | Computer Name = FLORIAN-TOSH | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.07.2011 07:07:56 | Computer Name = FLORIAN-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce653 ID des fehlerhaften Prozesses: 0x13f8 Startzeit der fehlerhaften Anwendung: 0x01cc4083e4f97753 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 315e2359-ac77-11e0-ad74-00262235917f Error - 14.07.2011 03:30:44 | Computer Name = FLORIAN-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PhotoshopElementsFileAgent.exe, Version: 7.0.0.0, Zeitstempel: 0x48cfeb6b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73486c9c ID des fehlerhaften Prozesses: 0x6bc Startzeit der fehlerhaften Anwendung: 0x01cc41f7d0ecab32 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2ea3fc03-adeb-11e0-8043-00262235917f Error - 14.07.2011 03:30:47 | Computer Name = FLORIAN-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mDNSResponder.exe, Version: 1.0.3.1, Zeitstempel: 0x4404b5bc Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73486c9c ID des fehlerhaften Prozesses: 0x70c Startzeit der fehlerhaften Anwendung: 0x01cc41f7d16d3581 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bonjour\mDNSResponder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 30ce9ca2-adeb-11e0-8043-00262235917f Error - 14.07.2011 03:30:48 | Computer Name = FLORIAN-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IJPLMSVC.EXE, Version: 3.0.0.101, Zeitstempel: 0x4991253f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73486c9c ID des fehlerhaften Prozesses: 0x744 Startzeit der fehlerhaften Anwendung: 0x01cc41f7d182a1e3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3140deb0-adeb-11e0-8043-00262235917f Error - 16.07.2011 08:13:07 | Computer Name = FLORIAN-TOSH | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ Media Center Events ] Error - 10.11.2009 13:18:52 | Computer Name = TOSH | Source = MCUpdate | ID = 0 Description = 18:18:52 - Fehler beim Herstellen der Internetverbindung. 18:18:52 - Serververbindung konnte nicht hergestellt werden.. Error - 10.11.2009 16:39:38 | Computer Name = TOSH | Source = MCUpdate | ID = 0 Description = 21:39:38 - Fehler beim Herstellen der Internetverbindung. 21:39:38 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 29.07.2012 08:10:25 | Computer Name = TOSH | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 29.07.2012 08:10:25 | Computer Name = TOSH | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.07.2012 08:22:20 | Computer Name = TOSH | Source = atikmdag | ID = 43029 Description = Display is not active Error - 31.07.2012 02:00:29 | Computer Name = TOSH | Source = atikmdag | ID = 43029 Description = Display is not active Error - 31.07.2012 02:10:32 | Computer Name = TOSH | Source = atikmdag | ID = 43029 Description = Display is not active Error - 13.08.2012 09:27:31 | Computer Name = TOSH | Source = atikmdag | ID = 43029 Description = Display is not active Error - 13.08.2012 09:48:37 | Computer Name = TOSH | Source = WMPNetworkSvc | ID = 866333 Description = Error - 13.08.2012 09:49:09 | Computer Name = TOSH | Source = WMPNetworkSvc | ID = 866333 Description = Error - 13.08.2012 16:45:18 | Computer Name = TOSH | Source = atikmdag | ID = 43029 Description = Display is not active Error - 13.08.2012 17:10:19 | Computer Name = TOSH | Source = DCOM | ID = 10016 Description = < End of report > Code:
ATTFilter OTL logfile created on: 13.08.2012 22:54:06 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,62% Memory free 7,93 Gb Paging File | 5,78 Gb Available in Paging File | 72,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 84,11 Gb Free Space | 56,43% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 138,65 Gb Free Space | 93,27% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 395,79 Gb Free Space | 84,98% Space Free | Partition Type: NTFS Computer Name: FLORIAN-TOSH | User Name: Muster| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll () MOD - C:\Program Files (x86)\Last.fm\ext_messengernotify.dll () MOD - C:\Program Files (x86)\Last.fm\ext_skypenotify.dll () MOD - C:\Program Files (x86)\Last.fm\srv_madtranscode.dll () MOD - C:\Program Files (x86)\Last.fm\srv_httpinput.dll () MOD - C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll () MOD - C:\Program Files (x86)\Last.fm\breakpad.dll () MOD - C:\Program Files (x86)\Last.fm\Moose1.dll () MOD - C:\Program Files (x86)\Last.fm\LastFmTools1.dll () MOD - C:\Program Files (x86)\Last.fm\libfftw3f-3.dll () MOD - C:\Program Files (x86)\Last.fm\zlibwapi.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-3908575037-3958625406-1395504474-1000\Indiv01.key () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Program Files (x86)\Last.fm\QtNetwork4.dll () MOD - C:\Program Files (x86)\Last.fm\QtSql4.dll () MOD - C:\Program Files (x86)\Last.fm\QtGui4.dll () MOD - C:\Program Files (x86)\Last.fm\QtXml4.dll () MOD - C:\Program Files (x86)\Last.fm\QtCore4.dll () MOD - C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe () SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{462618EE-33E3-4F33-92C6-C186FC006A59}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_de IE - HKCU\..\SearchScopes\{A351372F-61EC-467A-8833-4DFA176057EA}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{ABAC6BE8-11BE-442D-8613-BED1C9783B2B}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKCU\..\SearchScopes\{B0329659-CC2B-41FD-B974-47C17C62439F}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{B351DFE8-E1CE-4A42-9BA5-78ADAFDC37EC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B8E98982-DE32-4655-AD67-F759C40C8EEF&apn_sauid=E24D1022-BA49-42C5-9B8D-9932CC2A9ADD IE - HKCU\..\SearchScopes\{CC80C4BC-85C6-4141-A1DF-194F887079D9}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{CD0957BA-E502-425F-AD61-444C517378ED}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKCU\..\SearchScopes\{F0681D39-C498-4B22-BC52-7A4A6B5AD28E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{F25BD3A5-DB5C-463F-B2F4-A8E86E4B0FD3}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{F4045A81-88BB-414B-B07D-C15BAF4041E8}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.10.18 13:32:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.18 13:32:35 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010.04.19 20:46:10 | 000,001,304 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKCU..\Run: [] File not found O4 - Startup: C:\Users\FLORIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\FLORIAN\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\FLORIAN\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04099566-036B-4BB4-A3F9-4C7333218AD3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.05.10 10:16:02 | 000,000,084 | ---- | M] () - G:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.25 19:58:23 | 000,000,000 | ---D | C] -- C:\Users\FLORIAN\AppData\Roaming\Malwarebytes [2012.07.25 19:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.25 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.25 19:58:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.25 19:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.18 16:00:58 | 000,000,000 | ---D | C] -- C:\Users\FLORIAN\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.18 16:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.07.18 16:00:53 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.07.18 16:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.07.18 16:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.07.18 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\FLORIAN\AppData\Roaming\DVDVideoSoft [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.13 22:45:28 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.13 22:45:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.13 22:45:27 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.13 22:45:25 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job [2012.08.13 22:45:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.13 16:35:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.13 16:35:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.13 15:42:38 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 15:42:38 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 15:31:42 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for FLORIAN.job [2012.07.29 14:10:18 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2012.07.25 21:23:27 | 000,016,518 | ---- | M] () -- C:\Users\FLORIAN\Documents\trojboard.odt [2012.07.25 18:42:19 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.07.25 18:42:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.25 18:25:26 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad [2012.07.18 16:00:54 | 000,001,369 | ---- | M] () -- C:\Users\FLORIAN\Desktop\Free YouTube to MP3 Converter.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.25 21:23:24 | 000,016,518 | ---- | C] () -- C:\Users\FLORIAN\Documents\trojboard.odt [2012.07.25 18:14:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad [2012.07.18 16:00:54 | 000,001,369 | ---- | C] () -- C:\Users\FLORIAN\Desktop\Free YouTube to MP3 Converter.lnk < End of report > |
14.08.2012, 05:43 | #5 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{462618EE-33E3-4F33-92C6-C186FC006A59}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_de IE - HKCU\..\SearchScopes\{A351372F-61EC-467A-8833-4DFA176057EA}: "URL" = http://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{ABAC6BE8-11BE-442D-8613-BED1C9783B2B}: "URL" = http://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKCU\..\SearchScopes\{B0329659-CC2B-41FD-B974-47C17C62439F}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{B351DFE8-E1CE-4A42-9BA5-78ADAFDC37EC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B8E98982-DE32-4655-AD67-F759C40C8EEF&apn_sauid=E24D1022-BA49-42C5-9B8D-9932CC2A9ADD IE - HKCU\..\SearchScopes\{CC80C4BC-85C6-4141-A1DF-194F887079D9}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{CD0957BA-E502-425F-AD61-444C517378ED}: "URL" = http://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKCU\..\SearchScopes\{F0681D39-C498-4B22-BC52-7A4A6B5AD28E}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{F25BD3A5-DB5C-463F-B2F4-A8E86E4B0FD3}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{F4045A81-88BB-414B-B07D-C15BAF4041E8}: "URL" = http://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKCU..\Run: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.05.10 10:16:02 | 000,000,084 | ---- | M] () - G:\Autorun.inf -- [ NTFS ] [2012.07.25 18:42:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.25 18:25:26 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad [2012.08.13 22:45:28 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.13 22:45:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.13 22:45:27 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.13 22:45:25 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job [2012.08.13 15:31:42 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for FLORIAN.job :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
14.08.2012, 11:40 | #6 |
| GVU-Trojaner, Win7, 64bitCode:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{462618EE-33E3-4F33-92C6-C186FC006A59}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{462618EE-33E3-4F33-92C6-C186FC006A59}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A351372F-61EC-467A-8833-4DFA176057EA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A351372F-61EC-467A-8833-4DFA176057EA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABAC6BE8-11BE-442D-8613-BED1C9783B2B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABAC6BE8-11BE-442D-8613-BED1C9783B2B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B0329659-CC2B-41FD-B974-47C17C62439F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0329659-CC2B-41FD-B974-47C17C62439F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B351DFE8-E1CE-4A42-9BA5-78ADAFDC37EC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B351DFE8-E1CE-4A42-9BA5-78ADAFDC37EC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC80C4BC-85C6-4141-A1DF-194F887079D9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC80C4BC-85C6-4141-A1DF-194F887079D9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD0957BA-E502-425F-AD61-444C517378ED}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD0957BA-E502-425F-AD61-444C517378ED}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0681D39-C498-4B22-BC52-7A4A6B5AD28E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0681D39-C498-4B22-BC52-7A4A6B5AD28E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F25BD3A5-DB5C-463F-B2F4-A8E86E4B0FD3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F25BD3A5-DB5C-463F-B2F4-A8E86E4B0FD3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4045A81-88BB-414B-B07D-C15BAF4041E8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4045A81-88BB-414B-B07D-C15BAF4041E8}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! G:\Autorun.inf moved successfully. C:\Windows\SysWOW64\config.nt moved successfully. C:\ProgramData\z7_0ytr.pad moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\FinalTorrent Update Checker.job moved successfully. C:\Windows\Tasks\Norton Security Scan for FLORIAN.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\FLORIAN\Desktop\cmd.bat deleted successfully. C:\Users\FLORIAN\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41044 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: FLORIAN ->Temp folder emptied: 44137068 bytes ->Temporary Internet Files folder emptied: 292717588 bytes ->Java cache emptied: 17435257 bytes ->Flash cache emptied: 88210 bytes User: Gast ->Temp folder emptied: 71282 bytes ->Temporary Internet Files folder emptied: 49403868 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 41500 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 12063422 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes RecycleBin emptied: 537819100 bytes Total Files Cleaned = 910,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: FLORIAN ->Flash cache emptied: 0 bytes User: Gast ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.57.0 log created on 08142012_120839 Files\Folders moved on Reboot... C:\Users\FLORIAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXSN1YU3\tick-blue[1].png moved successfully. C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG3F16GS\background-banner-middle-v9[1].jpg moved successfully. C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG3F16GS\background-banner-right-v9[1].jpg moved successfully. C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7M6CEMS\api[1].htm moved successfully. C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7M6CEMS\background_banner_7_de[1].jpg moved successfully. C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJESKWKN\api[1].htm moved successfully. C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJESKWKN\button-flex-blue2[1].png moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Users\FLORIAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXSN1YU3\tick-blue[1].png not found! File C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG3F16GS\background-banner-middle-v9[1].jpg not found! File C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG3F16GS\background-banner-right-v9[1].jpg not found! File C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7M6CEMS\api[1].htm not found! File C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7M6CEMS\background_banner_7_de[1].jpg not found! File C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJESKWKN\api[1].htm not found! File C:\Users\FLORIAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJESKWKN\button-flex-blue2[1].png not found! [2012.08.14 12:30:21 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5 Registry entries deleted on Reboot... Ceremony |
14.08.2012, 11:56 | #7 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit Sehr gut! Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
14.08.2012, 21:24 | #8 |
| GVU-Trojaner, Win7, 64bitCode:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.14.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 FLORIAN :: FLORIAN-TOSH [Administrator] 14.08.2012 16:00:25 mbam-log-2012-08-14 (16-00-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 411536 Laufzeit: 1 Stunde(n), 13 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Adobe PhotoShop CS3 EXTENDED.ExE (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/14/2012 at 22:04:03 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : FLORIAN - FLORIAN-TOSH # Boot Mode : Normal # Running from : C:\Users\FLORIAN\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\Partner ***** [Registry] ***** Key Found : HKCU\Software\Surf Canyon Key Found : HKLM\SOFTWARE\Freeze.com Key Found : HKLM\SOFTWARE\Software [x64] Key Found : HKCU\Software\Surf Canyon [x64] Key Found : HKLM\SOFTWARE\Software ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [1931 octets] - [14/08/2012 22:04:03] ########## EOF - C:\AdwCleaner[R1].txt - [2059 octets] ########## |
15.08.2012, 08:49 | #9 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
15.08.2012, 15:24 | #10 |
| GVU-Trojaner, Win7, 64bitCode:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/15/2012 at 14:25:43 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : FLORIAN - FLORIAN-TOSH # Boot Mode : Normal # Running from : C:\Users\FLORIAN\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Partner ***** [Registry] ***** Key Deleted : HKCU\Software\Surf Canyon Key Deleted : HKLM\SOFTWARE\Freeze.com Key Deleted : HKLM\SOFTWARE\Software [x64] Key Deleted : HKLM\SOFTWARE\Software ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [2048 octets] - [14/08/2012 22:04:03] AdwCleaner[S1].txt - [1732 octets] - [15/08/2012 14:25:43] ########## EOF - C:\AdwCleaner[S1].txt - [1860 octets] ########## Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 15.08.2012 14:45:54 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, G:\ Archiv Scan: An ADS Scan: An Scan Beginn: 15.08.2012 14:46:13 c:\program files (x86)\ace zip gefunden: Trace.File.ace zip 3.2!E1 c:\program files (x86)\ace zip\icons gefunden: Trace.File.ace zip 3.2!E1 c:\program files (x86)\ace zip\aceziprun.exe gefunden: Trace.File.ace zip 3.2!E1 c:\program files (x86)\ace zip\aceziphelp.chm gefunden: Trace.File.ace zip 3.2!E1 c:\program files (x86)\ace zip\aceziprun.exe.manifest gefunden: Trace.File.ace zip 3.2!E1 c:\program files (x86)\ace zip\icons\azicon.ico gefunden: Trace.File.ace zip 3.2!E1 Value: hkey_local_machine\software\acezipsoft\manifestmaker\manifests\aceziprun.exe --> filename gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> helplink gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> inno setup: app path gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> inno setup: deselected tasks gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> inno setup: icon group gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> inno setup: selected tasks gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> inno setup: setup version gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> inno setup: user gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> installdate gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> nomodify gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> norepair gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> publisher gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> quietuninstallstring gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> uninstallstring gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> urlinfoabout gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> urlupdateinfo gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\acezipsoft\manifestmaker\manifests\aceziprun.exe --> filepath gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\acezipsoft\manifestmaker --> contxmenu gefunden: Trace.Registry.ace zip 3.2!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ace zip v 3.2_is1 --> displayname gefunden: Trace.Registry.ace zip 3.2!E1 Gescannt 646698 Gefunden 25 Scan Ende: 15.08.2012 16:18:55 Scan Zeit: 1:32:42 |
15.08.2012, 15:33 | #11 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
16.08.2012, 02:43 | #12 |
| GVU-Trojaner, Win7, 64bit Ich habe den Scan mit ESET durchgeführt und mir wurde angezeigt, dass keine Bedrohung gefunden wurde. Den Logfile konnte ich auf keinem der angegebenen Wege aufrufen. MfG, ceremony |
16.08.2012, 12:32 | #13 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
28.09.2012, 14:46 | #14 |
/// Helfer-Team | GVU-Trojaner, Win7, 64bit Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
Themen zu GVU-Trojaner, Win7, 64bit |
abgesicherten, administrator, adobe, aktion, anleitung, anti-malware, autostart, chip.de, cs3, dateien, ergebnis, explorer, files, gelöscht, gvu entfernen, gvu trojaner, gvu ukash, heute, malwarebytes, modus, neustart, photoshop, quarantäne, scan, service, speicher, version, win, win7 |