| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner auf Win7 Pro x64Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.08.2012, 15:28
| #1 |
| |  GVU Trojaner auf Win7 Pro x64 Hallo, der GVU-Trojaner hat es heute auf meinen Rechner geschafft... und evtl. auch schon wieder runter, aber ich weiß es nicht wirklich: Beim Rechnerstart (vor dem Auftreten) hat Comodo Internet Security die datei "srocsc.dll" für Verdächtig befunden und dann in der Sandbox laufen lassen. Dann beim Arbeiten hat der GVU Trojaner meinen Rechner gesperrt. Um den Rechner automatisch runterfahren zu lassen hab ich auf den Powerknopf gedrückt und siehe da: Dank "nicht reagierender Programme" wurde der Rechner entsperrt und das Herunterfahren konnte ich abbrechen und noch meine Arbeit speichern  .Nach dem MBAM-Scan und darauf folgendem Neustart war "srocsc.dll" wohl die oder eine der ausschlaggebenden Dateien (Rundll-Fehler: srocsc.dll wurde nicht gefunden -weil durch MBAM gelöscht- und keine Symptome mehr). Jetzt glaube ich aber nicht wirklich, dass der Rechner wieder Sauber ist, da immerhin noch danach gefragt wurde... Also die eigentlichen Fragen: 1. Ist mein Rechner wieder gesund, oder ist noch etwas zu tun? 2. Wie soll ich mit den Rechnern im Netzwerk verfahren? Bis jetzt ist noch keiner betroffen, alle laufen mit Comodo Internet Security. Hier die Logs von MBAM und OTL: MBAM beim Fund: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Suri :: SURIDT [Administrator] 04.08.2012 15:43:01 mbam-log-2012-08-04 (15-43-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213107 Laufzeit: 1 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\Suri\AppData\Roaming\srocsc.dll (Trojan.Midhos) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Suri\AppData\Roaming\srocsc.dll (Trojan.Midhos) -> Löschen bei Neustart. C:\Users\Suri\AppData\Local\Temp\deo0_sar.exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Suri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Suri :: SURIDT [Administrator] 04.08.2012 15:50:09 mbam-log-2012-08-04 (15-50-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212094 Laufzeit: 2 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 04.08.2012 15:53:16 - Run 3 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Suri\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,73% Memory free 15,99 Gb Paging File | 14,18 Gb Available in Paging File | 88,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 68,26 Gb Total Space | 15,75 Gb Free Space | 23,08% Space Free | Partition Type: NTFS Drive D: | 116,34 Gb Total Space | 63,61 Gb Free Space | 54,67% Space Free | Partition Type: NTFS Drive E: | 150,00 Gb Total Space | 12,24 Gb Free Space | 8,16% Space Free | Partition Type: NTFS Drive F: | 150,00 Gb Total Space | 36,16 Gb Free Space | 24,10% Space Free | Partition Type: NTFS Drive G: | 397,40 Gb Total Space | 29,38 Gb Free Space | 7,39% Space Free | Partition Type: NTFS Drive H: | 25,00 Gb Total Space | 24,91 Gb Free Space | 99,64% Space Free | Partition Type: NTFS Drive I: | 24,41 Gb Total Space | 8,29 Gb Free Space | 33,95% Space Free | Partition Type: NTFS Drive S: | 146,48 Gb Total Space | 43,55 Gb Free Space | 29,73% Space Free | Partition Type: NTFS Drive T: | 785,03 Gb Total Space | 19,54 Gb Free Space | 2,49% Space Free | Partition Type: NTFS Computer Name: SURIDT | User Name: Suri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Suri\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Tools\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Users\Suri\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll () MOD - C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Tools\Kies\External\FirmwareUpdate\CommonModule.dll () MOD - C:\Tools\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll () MOD - C:\Tools\Kies\External\FirmwareUpdate\IPCServer.dll () MOD - C:\Tools\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll () MOD - C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (cmdAgent) -- C:\Tools\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (UnlockerDriver5) -- C:\Tools\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ISODrive) -- C:\Tools\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) DRV - (zlportio) -- G:\Spiele\UltraStar\zlportio.sys (SpecoSoft) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 6C 99 08 54 EF CC 01 [binary data] IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Tools\Java\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Suri\AppData\LocalLow\Sony Online Entertainment\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Tools\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Suri\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Suri\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.26 17:15:58 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Suri\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Suri\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Suri\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin7.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Tools\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Suri\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\ CHR - Extension: Angry Birds = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Session Manager = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\ CHR - Extension: Chrome Tips Beta (by Google) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmbgfhokojnnaliemjgbahnfeggocpe\1.0.6_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: AdBlock+ = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\ CHR - Extension: Search by Image (by Google) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\ CHR - Extension: AdBlock = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: JDownloader Integration = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmochcijbhgjfdmojjenfabpafelhgdc\1.0_0\ CHR - Extension: Chrome to Mobile = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\1.0.0_0\ CHR - Extension: JDownloader Integration for Google Chrome\u2122 = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm\1.2.3_0\ CHR - Extension: Google Dictionary (by Google) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\ CHR - Extension: Bookmark = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\0.9.0_0\ CHR - Extension: ScriptNo = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\ CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.2_0\ O1 HOSTS File: ([2012.02.26 15:41:48 | 000,007,388 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip4.adobe.com O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com #192.150.22.22 O1 - Hosts: 127.0.0.1 3dns-3.adobe.com #192.150.14.21 O1 - Hosts: 127.0.0.1 3dns-4.adobe.com #192.150.18.247 O1 - Hosts: 127.0.0.1 3dns-5.adobe.com #192.150.22.46 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com #192.150.11.30 O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247 O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30 O1 - Hosts: 127.0.0.1 adobe.activate.com #69.175.22.26 O1 - Hosts: 127.0.0.1 activate.adobe.com #192.150.22.40 O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com #192.150.22.40 O1 - Hosts: 110 more lines... O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Tools\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Suri\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Tools\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [srocsc] rundll32.exe "C:\Users\Suri\AppData\Roaming\srocsc.dll",CchFileTimeToDateTimeW File not found O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [KiesHelper] C:\Tools\Kies\KiesHelper.exe (Samsung) O4 - HKLM..\Run: [KiesTrayAgent] C:\Tools\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UnlockerAssistant] "C:\Tools\Unlocker\UnlockerAssistant.exe" File not found O4 - HKLM..\Run: [XSECVA] "C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [EVEREST AutoStart] C:\Tools\EVEREST Ultimate Edition\everest_start.exe () O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [KiesPDLR] C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [XSECVA] "C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DCCC1DE-DC72-47D7-BDC0-EDD5A35FD3F3}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236213FA-A66B-470F-8B65-E050994C8013}: DhcpNameServer = 192.168.178.1 O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe"C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.04 15:37:25 | 000,000,000 | ---D | C] -- C:\Users\Suri\AppData\Roaming\Malwarebytes [2012.08.04 15:37:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.04 15:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.04 15:05:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Suri\Desktop\OTL.exe [2012.08.03 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\Suri\AppData\Roaming\xsecva [2012.08.03 21:06:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.08.03 21:00:15 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll [2012.08.03 21:00:15 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2012.08.03 21:00:15 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2012.08.03 21:00:15 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2012.08.03 21:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2012.08.03 20:59:18 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll [2012.08.03 20:59:18 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2012.08.03 20:59:18 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2012.08.03 20:59:18 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2012.08.03 20:59:18 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2012.08.03 20:59:18 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2012.08.03 20:59:18 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2012.08.03 20:59:18 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2012.08.03 20:59:18 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2012.08.03 20:59:18 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2012.08.03 20:59:18 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2012.08.03 20:59:18 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2012.08.03 20:59:18 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2012.08.03 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft [2012.07.28 22:02:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2012.07.28 22:02:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2012.07.28 22:02:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2012.07.28 22:02:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2012.07.28 22:02:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012.07.28 22:02:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012.07.28 22:02:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012.07.28 22:02:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012.07.28 22:02:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2012.07.28 22:02:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012.07.28 22:02:00 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2012.07.28 22:02:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2012.07.28 22:01:59 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2012.07.28 22:01:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2012.07.28 22:01:59 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012.07.28 22:01:59 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012.07.28 22:00:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.07.27 01:09:39 | 000,000,000 | ---D | C] -- C:\Users\Suri\Documents\Prototype [2012.07.19 13:52:15 | 000,000,000 | ---D | C] -- C:\Users\Suri\AppData\Roaming\dvdcss [2012.07.14 20:29:12 | 000,000,000 | ---D | C] -- C:\Users\Suri\Documents\The Lord of the Rings - Conquest [2012.07.10 23:44:27 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.10 23:44:27 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.10 23:44:23 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.07.10 23:44:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.07.10 23:44:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.10 23:44:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.10 23:44:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.10 22:30:13 | 000,000,000 | ---D | C] -- C:\Users\Suri\Desktop\Baurecht ========== Files - Modified Within 30 Days ========== [2012.08.04 15:48:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 15:48:41 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 15:48:37 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012.08.04 15:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000UA.job [2012.08.04 15:37:14 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.04 15:26:14 | 000,000,000 | ---- | M] () -- C:\Users\Suri\defogger_reenable [2012.08.04 15:09:33 | 000,015,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 15:09:33 | 000,015,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 15:05:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Suri\Desktop\OTL.exe [2012.08.04 14:54:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.08.03 21:42:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000Core.job [2012.07.31 22:31:55 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 22:31:55 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.31 22:31:55 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 22:31:55 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.31 22:31:55 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.15 15:17:22 | 000,011,554 | ---- | M] () -- C:\Windows\vpd.properties [2012.07.11 16:52:56 | 004,866,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.04 15:37:14 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.04 15:26:14 | 000,000,000 | ---- | C] () -- C:\Users\Suri\defogger_reenable [2012.08.04 14:49:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.08.03 21:00:15 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.08.03 20:59:18 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2012.08.03 20:59:18 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax [2012.08.03 20:59:18 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2012.08.03 20:59:18 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2012.08.03 20:59:18 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2012.08.03 20:59:18 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.08.03 20:59:18 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2012.08.03 20:59:18 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2012.08.03 20:59:18 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2012.08.03 20:59:18 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2012.08.03 20:59:18 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2012.07.02 16:54:30 | 000,000,132 | ---- | C] () -- C:\Users\Suri\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.05.23 21:07:25 | 000,182,884 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.05.23 21:07:25 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat [2012.05.23 18:13:55 | 000,007,604 | ---- | C] () -- C:\Users\Suri\AppData\Local\Resmon.ResmonCfg [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.02.22 13:19:11 | 000,011,776 | ---- | C] () -- C:\Users\Suri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.19 23:01:52 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.02.19 21:42:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2012.03.07 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Abvent [2012.03.11 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Abvent_Artlantis3 [2012.03.15 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Abvent_Artlantis4 [2012.02.22 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\ACD Systems [2012.05.08 22:59:32 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\AllDup [2012.08.04 14:35:26 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Audacity [2012.02.25 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\bizarre creations [2012.03.10 01:28:46 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Blender Foundation [2012.05.23 18:37:07 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\FreeFileSync [2012.02.22 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\GHISLER [2012.02.27 12:56:31 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Graphisoft [2012.03.13 10:39:25 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\ImgBurn [2012.07.15 15:17:05 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Install.GS [2012.05.08 22:55:11 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\loadtbs [2012.05.08 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\OpenCandy [2012.03.15 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\OpenOffice.org [2012.03.10 01:14:14 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Refractive Software [2012.02.25 22:12:47 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Samsung [2012.08.04 13:43:46 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\xsecva [2012.07.16 23:16:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.08.2012 15:53:16 - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Suri\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,73% Memory free
15,99 Gb Paging File | 14,18 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,26 Gb Total Space | 15,75 Gb Free Space | 23,08% Space Free | Partition Type: NTFS
Drive D: | 116,34 Gb Total Space | 63,61 Gb Free Space | 54,67% Space Free | Partition Type: NTFS
Drive E: | 150,00 Gb Total Space | 12,24 Gb Free Space | 8,16% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 36,16 Gb Free Space | 24,10% Space Free | Partition Type: NTFS
Drive G: | 397,40 Gb Total Space | 29,38 Gb Free Space | 7,39% Space Free | Partition Type: NTFS
Drive H: | 25,00 Gb Total Space | 24,91 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive I: | 24,41 Gb Total Space | 8,29 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Drive S: | 146,48 Gb Total Space | 43,55 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
Drive T: | 785,03 Gb Total Space | 19,54 Gb Free Space | 2,49% Space Free | Partition Type: NTFS
Computer Name: SURIDT | User Name: Suri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Tools\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Arbeit\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Tools\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Tools\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Arbeit\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Tools\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1277CFAA-7822-4BEB-A7AB-D65E0769A620}" = rport=10243 | protocol=6 | dir=out | app=system |
"{167D0F40-E0E9-49D1-882B-1BE42D596A0F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22E23DAA-63F1-4D3E-BBF9-08D9E904F11F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3187BF46-C008-4D15-9E76-7090014DDF41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{381B60E8-EC67-4D50-BE9B-F1CD82B3FFA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{3F299923-5498-4072-82B9-C47F0786C539}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B56297A-5A81-4A5E-AAAA-169319695F01}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F202002-DF74-40C2-87F4-ECB7F007B415}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F90D1F5-348F-4B37-A571-390DB73AB1E9}" = rport=139 | protocol=6 | dir=out | app=system |
"{88E9E046-65D1-4203-805E-E74DB574D093}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C21D185-9067-4C65-9B8F-FC9DFCCBB53C}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C6EEFA4-FB65-414B-87F3-C62B4FA909EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{95ADB971-C195-468D-8109-325DE34605AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A293980E-B7B5-4784-8D43-822B92121D3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3347F1D-50BA-458D-88CB-1211912D2B2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{A3E4012B-5C34-4718-BCBF-9456B2CAF275}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{CBED4714-B245-4C48-A7FD-6F266E506F24}" = rport=138 | protocol=17 | dir=out | app=system |
"{D2922C94-FD6E-49C6-86E2-3EB5B8861C9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9EBF759-FD25-4433-BDAF-C197967BAB23}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E6E54BCA-09A9-417C-B3B2-3D7002CE145A}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9D503F3-73D6-4A75-B929-E7EF9FB355AA}" = lport=445 | protocol=6 | dir=in | app=system |
"{FEC551EB-C7EE-4200-AA2B-17B35255607F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB0598F-A2DC-41B4-916F-3F7A158FE3DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FA41E66-BC46-427A-8962-4A7A537F102B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{39B4A9CA-D896-4C32-A7B9-C96E98089EBD}" = dir=in | app=c:\users\suri\appdata\local\temp\7zs31f2\setup\hpznui40.exe |
"{3AB0B21D-30E2-41DD-8F35-A9A55C8797B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F913935-5ECB-406E-AC1B-98DE396643CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF45EC8-043E-4998-B14F-39F14001CC7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{510C3F7E-9E20-4EF4-A44A-98B37A2D801C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5EA410D2-D54D-49AF-9FB4-1620A4F4DA17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62167C31-7F71-491E-8A5E-4F57C2E27869}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{62349CFD-5820-4145-8193-CBCA54881B76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{75F77037-65A4-4B53-9E19-CC499161D1A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76C513C6-EF5A-45EC-B5BB-52AC1718FB58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C8CAF8A-241C-4BD5-AA2F-4AE33511B13B}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7E997403-7CED-437E-9CC6-FEFDDEEF1486}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7FF6A077-E6DD-4B72-B4A2-FBBFC94BC1CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8A54E4F3-3423-4709-AEB4-D92D87A30FBF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A1EA47A-D9F0-482D-9647-783D456BB4DD}" = protocol=17 | dir=in | app=g:\spiele\prototype\prototypef.exe |
"{A28FB04F-7EA5-42EF-8DDC-C6C61A22ACCF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A88FD392-B1A3-4A96-A2B2-8F5EF0284970}" = protocol=6 | dir=out | app=system |
"{AA2F34D4-1111-4F44-ADD6-FC4AAF46728E}" = protocol=6 | dir=in | app=g:\spiele\need for speed hot pursuit\launcher.exe |
"{AF4C998A-8997-4F9F-B743-9661FFCF3BEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B15DCB82-F5F3-425B-B316-96057052EDDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE5B64B1-8073-42A1-B110-2D7D9DFB8C73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBCB5618-D606-4B59-B337-73C2B5412F54}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1D8EAB5-82FF-4807-A395-D45E34C4A397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC85A1F3-AE49-4AD2-8201-D07C9B6C60F2}" = protocol=6 | dir=in | app=g:\spiele\prototype\prototypef.exe |
"{E6373EAD-51B0-4437-96FF-8C4B133E8EE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{ED5977A0-458B-4DB9-B201-F85AF9D23A1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6D85F42-BC82-4327-AFD4-CF5F92D6CFA3}" = protocol=17 | dir=in | app=g:\spiele\need for speed hot pursuit\launcher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"001FFF2FFF15FF00FF0201F01F02F000-R1" = ArchiCAD 15 R1 GER
"Artlantis Studio 4" = Artlantis Studio 4.0
"Blender" = Blender
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}" = FlatOut
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"063FFFFFFF15FF00FF0201F00F02F000-R1" = 3DStudio Import 15 GER
"065FFFFFFF15FF00FF0201F00F02F000-R1" = Doppelte Elemente 15 GER
"074FFFFFFF15FF00FF0201F00F02F000-R1" = Polygonzähler 15 GER
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"AllDup_is1" = AllDup 3.4.0
"Audacity_is1" = Audacity 2.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"FreeFileSync" = FreeFileSync v5.3
"Guild Wars" = GUILD WARS
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"IrfanView" = IrfanView (remove only)
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Octane Render 1.022 x64" = Octane Render 1.022 x64 (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.33
"UltraStar" = UltraStar 0.5.2
"VLC media player" = VLC media player 2.0.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.07.2012 15:17:34 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 15.07.2012 05:54:51 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 16.07.2012 11:15:29 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.07.2012 15:52:40 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 24.07.2012 18:29:15 | Computer Name = SuriDT | Source = Application Hang | ID = 1002
Description = Programm DCGame.exe, Version 0.0.16693.5982 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 10cc Startzeit: 01cd69eb578d7d00 Endzeit: 118 Anwendungspfad:
G:\Spiele\DC Universe Online Live\Unreal3\Binaries\Win32\DCGame.exe Berichts-ID:
Error - 26.07.2012 16:13:12 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.07.2012 18:59:37 | Computer Name = SuriDT | Source = MsiInstaller | ID = 1013
Description =
Error - 02.08.2012 07:13:23 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 03.08.2012 06:49:38 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 03.08.2012 16:55:16 | Computer Name = SuriDT | Source = Application Hang | ID = 1002
Description = Programm SUPER.exe, Version 2.0.12.52 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fc8 Startzeit:
01cd71aa1aff5ae7 Endzeit: 20 Anwendungspfad: C:\Tools\eRightSoft\SUPER\SUPER.exe Berichts-ID:
82cda8a2-ddad-11e1-b4c6-1c6f6581d117
[ System Events ]
Error - 04.08.2012 08:35:15 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =
Error - 04.08.2012 08:47:17 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =
Error - 04.08.2012 08:59:17 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =
Error - 04.08.2012 09:11:19 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =
Error - 04.08.2012 09:23:22 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =
Error - 04.08.2012 09:26:41 | Computer Name = SuriDT | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 04.08.2012 09:35:23 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =
Error - 04.08.2012 09:47:24 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =
Error - 04.08.2012 09:51:21 | Computer Name = SuriDT | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 04.08.2012 09:51:21 | Computer Name = SuriDT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
|
|
04.08.2012, 16:11
| #2 |
| /// Helfer-Team  | GVU Trojaner auf Win7 Pro x64 Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter
:OTL
MOD - C:\Users\Suri\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Tools\Java\bin\new_plugin\npjp2.dll File not found
CHR - plugin: Google Update (Enabled) = C:\Users\Suri\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
O4:64bit: - HKLM..\Run: [srocsc] rundll32.exe "C:\Users\Suri\AppData\Roaming\srocsc.dll",CchFileTimeToDateTimeW File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Tools\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [XSECVA] "C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [KiesPDLR] C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [XSECVA] "C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe"C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2012.08.04 14:54:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.04 15:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000UA.job
[2012.08.03 21:42:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000Core.job
[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
04.08.2012, 16:44
| #3 |
| | GVU Trojaner auf Win7 Pro x64 Vielen Dank für die schnelle Hilfe!
__________________Super, Neustart ohne jegliche Fehlermeldungen!! OTL-Log nach dem Fix: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
File C:\Users\Suri\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\srocsc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UnlockerAssistant deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XSECVA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPDLR deleted successfully.
C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Windows\CurrentVersion\Run\\XSECVA deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:userinit.exe"C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\ras_0oed.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000Core.job moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Suri\Desktop\cmd.bat deleted successfully.
C:\Users\Suri\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Suri
->Temp folder emptied: 681786773 bytes
->Temporary Internet Files folder emptied: 36617575 bytes
->Java cache emptied: 76319 bytes
->Google Chrome cache emptied: 318194012 bytes
->Flash cache emptied: 33278 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4804828 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 21845563 bytes
Total Files Cleaned = 1.014,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Suri
->Flash cache emptied: 0 bytes
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.43.0 log created on 08042012_172419
Files\Folders moved on Reboot...
C:\Users\Suri\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
04.08.2012, 17:59
| #4 |
| /// Helfer-Team | GVU Trojaner auf Win7 Pro x64 Sehr gut!  1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
05.08.2012, 13:36
| #5 |
| | GVU Trojaner auf Win7 Pro x64 Den Vollscan hab ich mal über Nacht laufen lassen. Also irgendwas war wohl noch drauf. MBAM Komplett: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.04.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Suri :: SURIDT [Administrator] 04.08.2012 19:10:51 mbam-log-2012-08-04 (19-10-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|S:\|T:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 820563 Laufzeit: 2 Stunde(n), 1 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 D:\System Volume Information\_restore{9F1867E1-765A-438B-9F16-38231EC5E6D6}\RP72\A0040806.sys (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt. T:\$RECYCLE.BIN\S-1-5-21-2641374345-1836133999-554063938-1001\$RL261V0.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/05/2012 at 14:31:15
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Suri - SURIDT
# Running from : C:\Users\Suri\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Suri\AppData\Local\Conduit
Folder Found : C:\Users\Suri\AppData\LocalLow\Conduit
Folder Found : C:\Users\Suri\AppData\Roaming\loadtbs
Folder Found : C:\Users\Suri\AppData\Roaming\OpenCandy
Folder Found : C:\Program Files (x86)\Conduit
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKLM\SOFTWARE\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Google Chrome v21.0.1180.60
File : C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT231982[...]
*************************
AdwCleaner[R1].txt - [1796 octets] - [05/08/2012 14:31:15]
########## EOF - C:\AdwCleaner[R1].txt - [1924 octets] ##########
|
|
05.08.2012, 13:57
| #6 |
| /// Helfer-Team | GVU Trojaner auf Win7 Pro x64 Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> GVU Trojaner auf Win7 Pro x64 |
|
05.08.2012, 18:30
| #7 |
| | GVU Trojaner auf Win7 Pro x64 Emisoft AM hat wieder gedauert... Adwcleaner: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/05/2012 at 16:15:09
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Suri - SURIDT
# Running from : C:\Users\Suri\Desktop\PC Cleaning\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Suri\AppData\Local\Conduit
Folder Deleted : C:\Users\Suri\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Suri\AppData\Roaming\loadtbs
Folder Deleted : C:\Users\Suri\AppData\Roaming\OpenCandy
Folder Deleted : C:\Program Files (x86)\Conduit
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Google Chrome v21.0.1180.60
File : C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT231982[...]
*************************
AdwCleaner[R1].txt - [1919 octets] - [05/08/2012 14:31:15]
AdwCleaner[R2].txt - [1989 octets] - [05/08/2012 16:14:57]
AdwCleaner[S1].txt - [1693 octets] - [05/08/2012 16:15:09]
########## EOF - C:\AdwCleaner[S1].txt - [1821 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 05.08.2012 16:19:23
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\, G:\, H:\, I:\, S:\, T:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 05.08.2012 16:19:57
Value: hkey_local_machine\system\controlset001\services\zlportio --> displayname gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\controlset001\services\zlportio --> type gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\controlset001\services\zlportio --> start gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\currentcontrolset\services\zlportio --> errorcontrol gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\controlset001\services\zlportio --> imagepath gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\currentcontrolset\services\zlportio --> displayname gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\controlset001\services\zlportio --> errorcontrol gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\currentcontrolset\services\zlportio --> imagepath gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\currentcontrolset\services\zlportio --> start gefunden: Trace.Registry.winkeeper!E1
Value: hkey_local_machine\system\currentcontrolset\services\zlportio --> type gefunden: Trace.Registry.winkeeper!E1
C:\Users\Suri\Desktop\PC Cleaning\Unlocker1.9.1-x64.exe gefunden: Adware.Win32.ADON!E1
Gescannt 1054967
Gefunden 11
Scan Ende: 05.08.2012 19:24:37
Scan Zeit: 3:04:40
|
|
05.08.2012, 20:21
| #8 |
| /// Helfer-Team | GVU Trojaner auf Win7 Pro x64 Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
06.08.2012, 10:59
| #9 |
| | GVU Trojaner auf Win7 Pro x64 Sodale, ESET Online Scanner lief auch über Nacht: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6fa74d317cc3e4448d138c2c5a73b855
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-06 07:23:45
# local_time=2012-08-06 09:23:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 71 5121 19896748 0 0
# compatibility_mode=5893 16776574 100 94 14392627 95844182 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=620656
# found=0
# cleaned=0
# scan_time=23493
|
|
06.08.2012, 14:40
| #10 |
| /// Helfer-Team | GVU Trojaner auf Win7 Pro x64 Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
|
07.08.2012, 20:34
| #11 |
| | GVU Trojaner auf Win7 Pro x64 Ich bin jetzt 2 Wochen im Urlaub und kann grad nichts am Rechner machen, aber mal so im voraus, wozu jetzt eigentlich Combofix? Oder woher weiß ich, dass eine "entsprechende Infektion vorliegt"? Nochmal vielen Dank für die Mühe! |
|
07.08.2012, 23:56
| #12 |
| /// Helfer-Team | GVU Trojaner auf Win7 Pro x64 Alles klar. Siehe erstes Log, da ist noch ein Infekt der noch nicht vollstaendig weg ist. Melde dich nach dem Urlaub wieder  |
|
09.09.2012, 02:26
| #13 |
| /// Helfer-Team | GVU Trojaner auf Win7 Pro x64 Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu GVU Trojaner auf Win7 Pro x64 |
| adblock, administrator, adobe, bho, browser, device driver, error, explorer, firefox, format, frage, google, helper, herunterfahren, hängen, install.exe, internet, jdownloader, langs, launch, logfile, msiinstaller, netzwerk, neustart, nvidia update, plug-in, realtek, registry, richtlinie, security, software, spyware.zeus, super, svchost.exe, temp, total commander, trojan.midhos, trojaner, usb |
Linear-Darstellung
