Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software

GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.08.2012, 16:11   #1
Allbande
 
GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software - Standard

GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software


Ok,
also hier mal der Befall-Werdegang.

Infektion durch: Installierte Software
Wahrscheinlich das Desktop Geodreieck (falls genaue Bezeichnung wichtig, recherchier ich das nochmal)

Danach sperrte der Trojaner den Zugriff auf die Oberfläche.
Entsperrt mit Kaspersky Windows Unlocker [Kaspersky_Windows_Unlocker_log.txt].

Bevor der Trojaner sein häßliches Gesicht zeigte [Screenshots_Gvu_Trojaner.zip], habe ich mit Avira das System gescanned. Avira hat ne Menge gefunden, konnte den Virus scheinbar trotzdem nicht unschädlich machen. Hier sind die Detailinfos der Malware aus Avira [quarantaene.txt].

Hier ist der OTL Log:
Code:
ATTFilter
OTL logfile created on: 14.08.2012 16:33:07 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Alexander\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,87% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,21 Gb Total Space | 15,87 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alexander\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project)
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe (SteelSeries)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Lingoes\Translator2\opentext22.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DRHMSR64) -- C:\Windows\SysNative\drivers\DRHMSR64.sys ()
DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SSMO3v2Filter) -- C:\Windows\SysNative\drivers\MO3v2Driver.sys (Sagatek Co. Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (DRHMSR64) -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys ()
DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 8C 66 6D BE 6F CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D64647226733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7335A2E9-0889-4C97-852A-2DD5527B7B74}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D63F4B23-2084-4C0E-A541-B26AABDD955C}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Scroogle (SSL)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.5
FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {6BFD307A-C040-11DA-9749-FB1C850B47DF}:2.5.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: tiletabs@DW-dev:4.10
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24
FF - prefs.js..extensions.ybookmarks@yahoo.original.keyword.conflicts.warn: false
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.30 11:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.29 18:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\inlinetranslate@inlinetranslate.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com [2012.08.04 15:14:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\extension@preispilot.com
 
[2010.10.09 17:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2012.08.05 14:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions
[2011.06.28 13:40:44 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com
[2010.10.18 16:25:37 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\dictlookup@arnhold.com
[2012.05.17 21:24:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\ich@maltegoetz.de
[2012.08.04 15:14:59 | 000,000,000 | ---D | M] (Translator) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com
[2012.07.30 17:34:15 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\printPages2Pdf@reinhold.ripper
[2012.08.04 15:15:05 | 000,001,819 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl-german-search.xml
[2012.08.04 15:15:05 | 000,001,382 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl.xml
[2012.08.04 15:15:05 | 000,001,870 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{1A560199-E6AE-4E89-922C-D036DF3081CB}.xml
[2012.08.04 15:15:05 | 000,002,188 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{34E64A6B-8666-4EE3-A859-767AA69D948E}.xml
[2012.08.04 15:15:05 | 000,002,077 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{F226A978-CB94-4980-A382-1E0F65502212}.xml
[2012.06.17 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.17 14:09:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.03 18:46:18 | 000,140,964 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
[2012.08.01 01:48:46 | 000,214,920 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GMAILWATCHER@SONTHAKIT.XPI
[2012.02.14 13:35:18 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.07.18 20:38:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.29 19:09:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.04 15:15:05 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.04 15:15:05 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.04 15:15:05 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.04 15:15:05 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.08.04 15:15:05 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.04 15:15:05 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.04 15:15:05 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.29 17:38:18 | 000,000,881 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 tictactoe.localhost
O1 - Hosts: 127.0.0.1 jquery.localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe File not found
O4 - HKCU..\Run: [Lingoes] C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project)
O4 - HKCU..\Run: [Timerle] C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E886633-3C63-4DB1-8DC6-E9BD28CCE249}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell - "" = AutoRun
O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.14 18:07:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.14 16:31:45 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.08.10 13:21:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.08.08 21:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MB-Ruler
[2012.08.05 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\kock
[2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Lingoes
[2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Lingoes
[2012.08.04 16:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes
[2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lingoes
[2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lingoes
[2012.08.04 15:30:54 | 000,218,624 | ---- | C] (Nar Dictionary) -- C:\Windows\SysWow64\WCapture.dll
[2012.08.04 15:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nar Dictionary
[2012.08.04 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Opera
[2012.08.04 15:15:00 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2012.08.04 15:14:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\OCS
[2012.08.01 14:15:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\CAD-KAS
[2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.08.01 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3
[2012.07.31 20:35:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WinRAR
[2012.07.31 11:17:01 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Canneverbe Limited
[2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.07.31 11:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.07.24 22:27:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Games for Windows - LIVE Demos
[2012.07.24 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.m2
[2012.07.24 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk
[2012.07.24 13:39:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.android
[2012.07.24 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.24 13:01:51 | 000,955,800 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.07.24 13:01:51 | 000,268,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.07.24 13:01:45 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.07.24 13:01:45 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.07.24 12:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk-windows
[2012.07.21 00:08:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Square Enix
[2012.07.19 01:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.07.17 18:26:23 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.07.17 18:26:23 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.07.17 18:26:23 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.07.15 18:59:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.07.15 18:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.15 18:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.07.15 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\LogMeIn Hamachi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 16:31:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.08.14 16:26:53 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.14 16:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.14 16:25:54 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.10 13:21:39 | 000,000,045 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini
[2012.08.10 13:09:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.10 12:50:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 17:18:18 | 000,007,638 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2012.08.04 18:50:17 | 000,320,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.04 15:58:47 | 000,000,067 | ---- | M] () -- C:\ProgramData\claude.ini
[2012.08.03 17:09:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 17:09:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.01 14:15:33 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe
[2012.07.31 11:17:50 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.31 11:17:50 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.31 11:17:50 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 18:23:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.24 13:01:41 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.07.24 13:01:41 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.10 13:17:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@
[2012.08.10 13:17:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@
[2012.08.10 13:16:55 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@
[2012.08.10 10:18:59 | 000,000,045 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini
[2012.08.04 16:00:23 | 000,002,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk
[2012.08.04 15:45:32 | 000,000,067 | ---- | C] () -- C:\ProgramData\claude.ini
[2012.08.04 15:15:00 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.08.01 14:15:33 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2012.07.31 11:16:20 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.07.24 18:23:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.13 15:24:46 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.23 14:16:37 | 000,000,616 | ---- | C] () -- C:\Users\Alexander\.xmaximarc
[2012.02.06 20:35:49 | 000,001,536 | ---- | C] () -- C:\Users\Alexander\.recently-used.xbel
[2012.01.15 14:39:15 | 000,180,224 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.dat
[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@
[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@
[2012.01.15 03:43:40 | 000,000,037 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\1754111884ee9ab5277ca00.95260103
[2011.12.26 15:40:13 | 000,014,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\DRHMSR64.sys
[2011.12.17 02:00:42 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\{4E64938B-E563-4B7E-ABB8-779D385288CE}
[2011.12.07 01:01:39 | 000,017,408 | ---- | C] () -- C:\Users\Alexander\AppData\Local\WebpageIcons.db
[2011.11.25 22:05:52 | 000,000,036 | ---- | C] () -- C:\Users\Alexander\.org.eclipse.epp.usagedata.recording.userId
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.15 18:48:40 | 000,004,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.29 00:21:45 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.05.15 16:03:57 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.12.27 18:50:24 | 000,000,760 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\setup_ldm.iss
[2010.10.27 00:36:29 | 000,007,638 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010.10.18 22:33:26 | 000,000,600 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\winscp.rnd
[2010.10.14 21:57:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.10.09 18:59:15 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.09 18:02:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< End of report >
Im Anhang befindet sich noch die Extras.txt.

Könnt ihr mir helfen?

Was kann ich noch machen?

Gruss,
Alexander

 

Themen zu GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software
akamai, antivir, avast, avg, avira, bho, desktop, explorer, firefox, flash player, format, google, google earth, gvu trojaner, inline, installation, kaspersky, langs, locker, logfile, malware, mozilla, plug-in, realtek, registry, software, system, temp, trojaner, virus, windows


« Security Shield Virus und Malwarebytes findet keine Viren | "Dieses Programm kann nicht die Webseite anzeigen" Windows 7 »


Ähnliche Themen: GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software


  1. Scanner findet nach öffnen von infizierter Datei keinen Trojaner
    Log-Analyse und Auswertung - 01.03.2015 (6)
  2. Positive Finds infizierter PC nach Installation von Youtube to MP3 Converter
    Plagegeister aller Art und deren Bekämpfung - 25.02.2015 (19)
  3. Windows 7: Computer ist langsam, Installation von Antiviren/Spam-Software nicht möglich, Werbung auf Webseiten
    Log-Analyse und Auswertung - 04.01.2015 (14)
  4. keine Internetconnektivität nach Anschluss externer Festplatte und gleichzeitiger Software-Installation auf neuem win7-rechner
    Plagegeister aller Art und deren Bekämpfung - 03.01.2015 (15)
  5. Trojaner-Befall nach Installation von Free Youtube to mp3 Converter
    Log-Analyse und Auswertung - 22.08.2014 (13)
  6. Windows 7 Trojaner infektion nach Plugin installation
    Log-Analyse und Auswertung - 15.04.2014 (15)
  7. Microsoft löscht Tor-Software nach Trojaner-Befall
    Nachrichten - 17.01.2014 (0)
  8. GVU Trojaner-Befall, vermutlich V2.07. WIN7pro 32Bit
    Log-Analyse und Auswertung - 02.09.2013 (3)
  9. Befall durch Web Cake nach Installation von qtrax
    Log-Analyse und Auswertung - 14.08.2013 (5)
  10. Blue Screens nach Installation der Software ILEMI
    Log-Analyse und Auswertung - 13.06.2013 (7)
  11. IncrediBar-Befall nach Software-Download mit Infizierung von Registrierungsdatei
    Plagegeister aller Art und deren Bekämpfung - 31.12.2012 (16)
  12. kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)
    Plagegeister aller Art und deren Bekämpfung - 19.04.2012 (34)
  13. Mehrere Trojaner gefunden in windows/assembly/tmp/u vermutlich nach OTR Benutzung
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (47)
  14. wieder Trojaner direkt nach Windows Installation
    Log-Analyse und Auswertung - 01.12.2011 (1)
  15. Updateprobleme jeweder Software(Nach Internet Security 2011 befall)
    Plagegeister aller Art und deren Bekämpfung - 29.06.2011 (27)
  16. nach codec und software installation funkt Messenger 7.5 nicht mehr, BITTE HILFE
    Log-Analyse und Auswertung - 14.11.2007 (4)
  17. Infizierter Rechner! (Vermutlich tr spy.vbstat.b.1) Wer kann mir helfen?!?
    Mülltonne - 25.05.2007 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software - Ok, also hier mal der Befall-Werdegang. Infektion durch: Installierte Software Wahrscheinlich das Desktop Geodreieck (falls genaue Bezeichnung wichtig, recherchier ich das nochmal) Danach sperrte der Trojaner den Zugriff auf die - GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software...
Archiv
Du betrachtest: GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131