![]() |
|
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter SoftwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software Ok, also hier mal der Befall-Werdegang. Infektion durch: Installierte Software Wahrscheinlich das Desktop Geodreieck (falls genaue Bezeichnung wichtig, recherchier ich das nochmal) Danach sperrte der Trojaner den Zugriff auf die Oberfläche. Entsperrt mit Kaspersky Windows Unlocker [Kaspersky_Windows_Unlocker_log.txt]. Bevor der Trojaner sein häßliches Gesicht zeigte [Screenshots_Gvu_Trojaner.zip], habe ich mit Avira das System gescanned. Avira hat ne Menge gefunden, konnte den Virus scheinbar trotzdem nicht unschädlich machen. Hier sind die Detailinfos der Malware aus Avira [quarantaene.txt]. Hier ist der OTL Log: Code:
ATTFilter OTL logfile created on: 14.08.2012 16:33:07 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Alexander\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,87% Memory free 8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,21 Gb Total Space | 15,87 Gb Free Space | 8,52% Space Free | Partition Type: NTFS Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alexander\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project) PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries) PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe (SteelSeries) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Lingoes\Translator2\opentext22.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (SearchAnonymizer) -- C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (DRHMSR64) -- C:\Windows\SysNative\drivers\DRHMSR64.sys () DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SSMO3v2Filter) -- C:\Windows\SysNative\drivers\MO3v2Driver.sys (Sagatek Co. Ltd.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation) DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation) DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation) DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation) DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation) DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.) DRV - (DRHMSR64) -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys () DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 8C 66 6D BE 6F CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D64647226733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{7335A2E9-0889-4C97-852A-2DD5527B7B74}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{D63F4B23-2084-4C0E-A541-B26AABDD955C}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Scroogle (SSL)" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.5 FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {6BFD307A-C040-11DA-9749-FB1C850B47DF}:2.5.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: tiletabs@DW-dev:4.10 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24 FF - prefs.js..extensions.ybookmarks@yahoo.original.keyword.conflicts.warn: false FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:38:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.30 11:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.29 18:34:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\inlinetranslate@inlinetranslate.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com [2012.08.04 15:14:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\extension@preispilot.com [2010.10.09 17:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions [2012.08.05 14:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions [2011.06.28 13:40:44 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com [2010.10.18 16:25:37 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\dictlookup@arnhold.com [2012.05.17 21:24:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\ich@maltegoetz.de [2012.08.04 15:14:59 | 000,000,000 | ---D | M] (Translator) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com [2012.07.30 17:34:15 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\printPages2Pdf@reinhold.ripper [2012.08.04 15:15:05 | 000,001,819 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl-german-search.xml [2012.08.04 15:15:05 | 000,001,382 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl.xml [2012.08.04 15:15:05 | 000,001,870 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{1A560199-E6AE-4E89-922C-D036DF3081CB}.xml [2012.08.04 15:15:05 | 000,002,188 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{34E64A6B-8666-4EE3-A859-767AA69D948E}.xml [2012.08.04 15:15:05 | 000,002,077 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{F226A978-CB94-4980-A382-1E0F65502212}.xml [2012.06.17 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.03.17 14:09:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.03 18:46:18 | 000,140,964 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI [2012.08.01 01:48:46 | 000,214,920 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GMAILWATCHER@SONTHAKIT.XPI [2012.02.14 13:35:18 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI [2012.07.18 20:38:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.29 19:09:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.08.04 15:15:05 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.04 15:15:05 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.04 15:15:05 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.04 15:15:05 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012.08.04 15:15:05 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.04 15:15:05 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.04 15:15:05 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.29 17:38:18 | 000,000,881 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 tictactoe.localhost O1 - Hosts: 127.0.0.1 jquery.localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries) O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe File not found O4 - HKCU..\Run: [Lingoes] C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project) O4 - HKCU..\Run: [Timerle] C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E886633-3C63-4DB1-8DC6-E9BD28CCE249}: NameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell - "" = AutoRun O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.14 18:07:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.08.14 16:31:45 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe [2012.08.10 13:21:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012.08.08 21:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MB-Ruler [2012.08.05 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\kock [2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Lingoes [2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Lingoes [2012.08.04 16:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes [2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lingoes [2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lingoes [2012.08.04 15:30:54 | 000,218,624 | ---- | C] (Nar Dictionary) -- C:\Windows\SysWow64\WCapture.dll [2012.08.04 15:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nar Dictionary [2012.08.04 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Opera [2012.08.04 15:15:00 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.08.04 15:14:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\OCS [2012.08.01 14:15:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\CAD-KAS [2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.08.01 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3 [2012.07.31 20:35:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WinRAR [2012.07.31 11:17:01 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Canneverbe Limited [2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.07.31 11:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2012.07.24 22:27:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Games for Windows - LIVE Demos [2012.07.24 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.m2 [2012.07.24 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk [2012.07.24 13:39:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.android [2012.07.24 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.24 13:01:51 | 000,955,800 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.07.24 13:01:51 | 000,268,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.07.24 13:01:45 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.07.24 13:01:45 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.07.24 12:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk-windows [2012.07.21 00:08:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Square Enix [2012.07.19 01:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.07.17 18:26:23 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2012.07.17 18:26:23 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2012.07.17 18:26:23 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2012.07.15 18:59:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2012.07.15 18:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.07.15 18:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.07.15 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\LogMeIn Hamachi [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 16:31:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe [2012.08.14 16:26:53 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.14 16:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.14 16:25:54 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.08.10 13:21:39 | 000,000,045 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini [2012.08.10 13:09:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.10 12:50:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.05 17:18:18 | 000,007,638 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg [2012.08.04 18:50:17 | 000,320,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.04 15:58:47 | 000,000,067 | ---- | M] () -- C:\ProgramData\claude.ini [2012.08.03 17:09:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 17:09:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.01 14:15:33 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe [2012.07.31 11:17:50 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 11:17:50 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 11:17:50 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.24 18:23:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf [2012.07.24 13:01:41 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.07.24 13:01:41 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.10 13:17:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@ [2012.08.10 13:17:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@ [2012.08.10 13:16:55 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@ [2012.08.10 10:18:59 | 000,000,045 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini [2012.08.04 16:00:23 | 000,002,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk [2012.08.04 15:45:32 | 000,000,067 | ---- | C] () -- C:\ProgramData\claude.ini [2012.08.04 15:15:00 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.08.01 14:15:33 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe [2012.07.31 11:16:20 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.07.24 18:23:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf [2012.07.13 15:24:46 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.23 14:16:37 | 000,000,616 | ---- | C] () -- C:\Users\Alexander\.xmaximarc [2012.02.06 20:35:49 | 000,001,536 | ---- | C] () -- C:\Users\Alexander\.recently-used.xbel [2012.01.15 14:39:15 | 000,180,224 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.dat [2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ [2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ [2012.01.15 03:43:40 | 000,000,037 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\1754111884ee9ab5277ca00.95260103 [2011.12.26 15:40:13 | 000,014,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\DRHMSR64.sys [2011.12.17 02:00:42 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\{4E64938B-E563-4B7E-ABB8-779D385288CE} [2011.12.07 01:01:39 | 000,017,408 | ---- | C] () -- C:\Users\Alexander\AppData\Local\WebpageIcons.db [2011.11.25 22:05:52 | 000,000,036 | ---- | C] () -- C:\Users\Alexander\.org.eclipse.epp.usagedata.recording.userId [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.06.15 18:48:40 | 000,004,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.29 00:21:45 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.05.15 16:03:57 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.12.27 18:50:24 | 000,000,760 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\setup_ldm.iss [2010.10.27 00:36:29 | 000,007,638 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg [2010.10.18 22:33:26 | 000,000,600 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\winscp.rnd [2010.10.14 21:57:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.10.09 18:59:15 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.10.09 18:02:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat < End of report > Könnt ihr mir helfen? Was kann ich noch machen? Gruss, Alexander |
Themen zu GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software |
akamai, antivir, avast, avg, avira, bho, desktop, explorer, firefox, flash player, format, google, google earth, gvu trojaner, inline, installation, kaspersky, langs, locker, logfile, malware, mozilla, plug-in, realtek, registry, software, system, temp, trojaner, virus, windows |