GVU Trojan v2.07 (Windows XP)
19.08.2012, 20:49 | #1
Hello everyone! Since yesterday evening I have had the GVU Trojan v2.07 on the PC next door. After an attempt to regain access to the computer with "Windows Unlocker", I was even able to use it again for a while, but only until an Internet connection was established. Then the familiar "payment screen" promptly came back. Even with antivirus programs I couldn't get rid of the Trojan. I assume I first have to install a scanning program on the infected computer. However, I am not sure whether the payment screen also appears when the PC has no Internet connection. (Then I would have to run the WindowsUnlocker again first.) And another question right away: if I copy the installation file onto a USB stick that has been connected to the infected computer, isn't there a risk that I infect this PC as well?
Last edited by pphps (19.08.2012, 20:56)
19.08.2012, 21:14 | #2
/// Helfer-Team
Download OTL.exe on a clean PC and put it on a USB stick. Start the infected machine without Internet. Copy OTL.exe to the desktop and create a log. System scan with OTL (illustrated guide)
20.08.2012, 10:53 | #3
Good morning!
When I copied the OTL log files onto the USB stick, Avira found a virus called "SVS". I then deleted it. Is there now no danger that I transfer this virus to the clean computer when I plug in the USB stick? I always get pretty scared about things like this.
20.08.2012, 13:40 | #4
/// Helfer-Team
No, it does not spread that way.
20.08.2012, 14:55 | #5
Oh yes, I don't know whether this matters in any way, but I created a new text document on the USB stick and saved the log data into it rather than copying the log files over. I didn't know that they are saved. (After the prompt asking whether I wanted to save the changes, the message about a potential virus appeared.) Since the virus doesn't spread that way, does that also mean that the external hard drive, which was connected when the virus got onto the computer, was not infected? That would of course be nice to hear.
20.08.2012, 14:59 | #6
/// Helfer-Team
Without a log that is pure speculation.
20.08.2012, 17:59 | #7
Hey, here are the log files from OTL:

Extras:
Code:
OTL Extras logfile created on: 20.08.2012 11:35:32 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 80,85% Memory free
5,08 Gb Paging File | 4,40 Gb Available in Paging File | 86,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 122,07 Gb Total Space | 68,41 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Drive D: | 343,68 Gb Total Space | 78,45 Gb Free Space | 22,83% Space Free | Partition Type: NTFS
Drive F: | 979,70 Mb Total Space | 979,11 Mb Free Space | 99,94% Space Free | Partition Type: FAT

Computer Name: TUNED-0916D1BA8 | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56071:TCP" = 56071:TCP:*:Enabled:Pando Media Booster
"56071:UDP" = 56071:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56071:TCP" = 56071:TCP:*:Enabled:Pando Media Booster
"56071:UDP" = 56071:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6953:TCP" = 6953:TCP:*:Enabled:League of Legends Launcher
"6953:UDP" = 6953:UDP:*:Enabled:League of Legends Launcher
"6902:TCP" = 6902:TCP:*:Enabled:League of Legends Launcher
"6902:UDP" = 6902:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6911:TCP" = 6911:TCP:*:Enabled:League of Legends Launcher
"6911:UDP" = 6911:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = D:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Programme\League of Legends\Air\LolClient.exe" = D:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Programme\League of Legends\Game\League of Legends.exe" = D:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Dokumente und Einstellungen\Skype\Plugin Manager\skypePM.exe" = D:\Dokumente und Einstellungen\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\Programme\Mass Effect 2\Binaries\MassEffect2.exe" = D:\Programme\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -Spiel -- (BioWare)
"D:\Programme\Mass Effect 2\MassEffect2Launcher.exe" = D:\Programme\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -Launcher -- (BioWare)
"D:\Programme\League of Legends\lol.launcher.exe" = D:\Programme\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"D:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = D:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- ()
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"D:\CherryDeGames\Dragon Nest\DragonNest.exe" = D:\CherryDeGames\Dragon Nest\DragonNest.exe:*:Enabled:Dragon Nest -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"D:\Programme\Tunngle\TnglCtrl.exe" = D:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"D:\Programme\Tunngle\Tunngle.exe" = D:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0242FA44-00A3-0069-AF0F-A780C5CF8FA8}" = AMD Catalyst Install Manager
"{036138A4-CE69-54B3-EC3A-22EC160303E0}" = CCC Help Czech
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A68C819-3333-E57F-5881-D3FE31C1F2D5}" = CCC Help Turkish
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar (TM)
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C3DEAF-801D-4C3E-9826-E62EE16DB7AB}" = phase6_18
"{23481C75-AA13-858C-C707-51D7744F2309}" = CCC Help English
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3179E96B-2CCF-A00A-5738-4C14DBA0DACA}" = CCC Help Chinese Traditional
"{31D476EC-A1F0-47A1-BEB9-11768B0277F2}" = Sudo for Windows
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{3BDCECE1-F7F8-81E3-EE26-AF8FD5172A56}" = CCC Help German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{41B4F085-82E5-C9C2-9AB3-65D67EF60883}" = CCC Help Italian
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DCB68D8-686F-0550-6DD3-957A366F8F99}" = CCC Help Norwegian
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{653B7F6E-F594-4B55-61BA-78F8FE6E500A}" = CCC Help Finnish
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.10, 2012.03.19
"{69101ED4-FAEB-44EE-1A0E-0602CD6458F3}" = Catalyst Control Center
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}" = Fussball Manager 2004
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76B0FAA5-C23B-58E8-EB51-1195A4D6BEB7}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050
"{821CF756-EDC0-5A8C-6ECA-3F4682DEAFD1}" = CCC Help French
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = Browser-Plug-In für BlackBerry App World
"{8F295D2F-7C03-4FE6-8A97-99F8962D455B}_is1" = CLICK & LEARN DiDi 360°
"{8FB7E2C1-13A7-F9A0-277F-8CFB5B198E7E}" = CCC Help Polish
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software 8.12
"{950A97A5-F8AF-26C7-8F8B-47F7C1F03363}" = CCC Help Portuguese
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96A092BE-173D-6824-14FD-1C8C0477C1D1}" = CCC Help Greek
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA4C082-183A-4869-06DB-4F563355D33F}" = CCC Help Spanish
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA47D951-588B-48A5-8183-21C44B1EA6EA}" = VRWriter4
"{AB4FE709-7AC5-A7FF-A947-A110CEFCB074}" = CCC Help Hungarian
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B802B2D2-C777-1876-8204-C0F360CBF955}" = CCC Help Dutch
"{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}" = OSCAR Editor
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6BD88D1-A8D3-B46F-781E-80A6A6927E09}" = CCC Help Chinese Standard
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3CD290C-C254-F440-962D-F9D0E60DD3F4}" = CCC Help Danish
"{DA3DB4D7-429D-4292-F855-C47C6EA1AFF8}" = CCC Help Thai
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{DE464235-13EC-F0E2-2608-9A8103F52DF8}" = CCC Help Japanese
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E045A5E3-0FC6-4AC2-BBE3-C49D68BA54DA}" = MotionSD STUDIO 1.3E
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E8D9FAA2-D3DB-7FA3-3FFE-0AC935251F99}" = CCC Help Swedish
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F748B53A-A58F-17B4-F380-08EF92B6A6F4}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA584B62-7ECF-A981-0D1E-A8BE67C604DB}" = Catalyst Control Center Graphics Previews Common
"{FBFC6AFA-082C-CBEC-3D28-1EE9CA16D029}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"{FF9B0E3E-9D2E-2560-EEA2-BB35A369C491}" = CCC Help Russian
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Arena_0" = Arena 4.0
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo III" = Diablo III
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FL Studio 10" = FL Studio 10
"FormatFactory" = FormatFactory 2.90
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.10.722
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"Frets on Fire" = Frets On Fire
"Generic USB 106 Sound" = USB Multi-Channel Audio Device
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar
"InstallShield_{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}" = OSCAR Editor
"Klett Software Sicher ins Abitur" = Klett Software Sicher ins Abitur
"League of Legends_is1" = League of Legends
"loadtbs-2.1" = loadtbs-2.1
"Metin2_is1" = Metin2
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only)
"OpenAL" = OpenAL
"Pferd & Pony - Lass uns reiten!" = Pferd & Pony - Lass uns reiten!
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"RPG Maker 2000 Yu-Gi-Oh!-Das Spiel des Schattens" = RPG Maker 2000 - Untitled
"StarCraft II Demo" = StarCraft II Demo
"Steamless Portal Pack" = Steamless Portal Pack
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Trine 2_is1" = Trine 2
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"vfd-ob" = VideoFileDownload
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.08.2012 11:16:23 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. .

Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .

Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .

Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .

Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .

Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .

Error - 10.08.2012 09:12:44 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 10.08.2012 12:34:19 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 14.08.2012 06:22:50 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

[ System Events ]
Error - 20.08.2012 05:41:14 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:15 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:17 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:18 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:19 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:20 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:21 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:22 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:23 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.08.2012 05:41:24 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

< End of report >

OTL:
Code:
Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client "D:\Dokumente und Einstellungen\Skype\Plugin Manager\skypePM.exe" = D:\Dokumente und Einstellungen\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "D:\Programme\Mass Effect 2\Binaries\MassEffect2.exe" = D:\Programme\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -Spiel -- (BioWare) "D:\Programme\Mass Effect 2\MassEffect2Launcher.exe" = D:\Programme\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -Launcher -- (BioWare) "D:\Programme\League of Legends\lol.launcher.exe" = D:\Programme\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- () "D:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = D:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- () "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon "D:\CherryDeGames\Dragon Nest\DragonNest.exe" = D:\CherryDeGames\Dragon Nest\DragonNest.exe:*:Enabled:Dragon Nest -- () "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
"C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd) "D:\Programme\Tunngle\TnglCtrl.exe" = D:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "D:\Programme\Tunngle\Tunngle.exe" = D:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0242FA44-00A3-0069-AF0F-A780C5CF8FA8}" = AMD Catalyst Install Manager "{036138A4-CE69-54B3-EC3A-22EC160303E0}" = CCC Help Czech "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A68C819-3333-E57F-5881-D3FE31C1F2D5}" = CCC Help Turkish "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar (TM) "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C3DEAF-801D-4C3E-9826-E62EE16DB7AB}" = phase6_18 "{23481C75-AA13-858C-C707-51D7744F2309}" = CCC Help English "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{3179E96B-2CCF-A00A-5738-4C14DBA0DACA}" = CCC Help Chinese Traditional "{31D476EC-A1F0-47A1-BEB9-11768B0277F2}" = Sudo for Windows "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP 
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA "{3BDCECE1-F7F8-81E3-EE26-AF8FD5172A56}" = CCC Help German "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{41B4F085-82E5-C9C2-9AB3-65D67EF60883}" = CCC Help Italian "{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DCB68D8-686F-0550-6DD3-957A366F8F99}" = CCC Help Norwegian "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM "{653B7F6E-F594-4B55-61BA-78F8FE6E500A}" = CCC Help Finnish "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.10, 2012.03.19 "{69101ED4-FAEB-44EE-1A0E-0602CD6458F3}" = Catalyst Control Center "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions "{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm "{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}" = Fussball Manager 2004 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{76B0FAA5-C23B-58E8-EB51-1195A4D6BEB7}" = Catalyst Control Center Localization All "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050 "{821CF756-EDC0-5A8C-6ECA-3F4682DEAFD1}" = CCC Help French "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU 
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = Browser-Plug-In für BlackBerry App World "{8F295D2F-7C03-4FE6-8A97-99F8962D455B}_is1" = CLICK & LEARN DiDi 360° "{8FB7E2C1-13A7-F9A0-277F-8CFB5B198E7E}" = CCC Help Polish "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software 8.12 "{950A97A5-F8AF-26C7-8F8B-47F7C1F03363}" = CCC Help Portuguese "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96A092BE-173D-6824-14FD-1C8C0477C1D1}" = CCC Help Greek "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BA4C082-183A-4869-06DB-4F563355D33F}" = CCC Help Spanish "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA47D951-588B-48A5-8183-21C44B1EA6EA}" = VRWriter4 "{AB4FE709-7AC5-A7FF-A947-A110CEFCB074}" = CCC Help Hungarian "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B802B2D2-C777-1876-8204-C0F360CBF955}" = CCC Help Dutch "{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}" = OSCAR Editor "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C6BD88D1-A8D3-B46F-781E-80A6A6927E09}" = CCC Help Chinese Standard "{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3 "{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D3CD290C-C254-F440-962D-F9D0E60DD3F4}" = CCC Help Danish "{DA3DB4D7-429D-4292-F855-C47C6EA1AFF8}" = CCC Help Thai "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{DE464235-13EC-F0E2-2608-9A8103F52DF8}" = CCC Help Japanese "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E045A5E3-0FC6-4AC2-BBE3-C49D68BA54DA}" = MotionSD STUDIO 1.3E "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{E8D9FAA2-D3DB-7FA3-3FFE-0AC935251F99}" = CCC Help Swedish "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual 
C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F748B53A-A58F-17B4-F380-08EF92B6A6F4}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA584B62-7ECF-A981-0D1E-A8BE67C604DB}" = Catalyst Control Center Graphics Previews Common "{FBFC6AFA-082C-CBEC-3D28-1EE9CA16D029}" = ccc-utility "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service "{FF9B0E3E-9D2E-2560-EEA2-BB35A369C491}" = CCC Help Russian "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Arena_0" = Arena 4.0 "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Diablo III" = Diablo III "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "DVD Flick_is1" = DVD Flick 1.3.0.7 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "FL Studio 10" = FL Studio 10 "FormatFactory" = FormatFactory 2.90 "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.10.722 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "Frets on Fire" = Frets On Fire "Generic USB 106 Sound" = USB Multi-Channel Audio Device "Google Chrome" = Google Chrome "IL Download Manager" = IL Download Manager "InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar "InstallShield_{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}" = OSCAR Editor "Klett Software Sicher ins Abitur" = Klett Software Sicher ins Abitur "League of Legends_is1" = League of Legends "loadtbs-2.1" = loadtbs-2.1 "Metin2_is1" = Metin2 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET 
Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only) "OpenAL" = OpenAL "Pferd & Pony - Lass uns reiten!" = Pferd & Pony - Lass uns reiten! "Picasa 3" = Picasa 3 "PowerISO" = PowerISO "RPG Maker 2000 Yu-Gi-Oh!-Das Spiel des Schattens" = RPG Maker 2000 - Untitled "StarCraft II Demo" = StarCraft II Demo "Steamless Portal Pack" = Steamless Portal Pack "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "Trine 2_is1" = Trine 2 "Tunngle beta_is1" = Tunngle beta "Uninstall_is1" = Uninstall 1.0.0.1 "vfd-ob" = VideoFileDownload "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.9 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar "Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen 
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.08.2012 11:16:23 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2006 Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2. Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. . Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . 
Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 09.08.2012 15:43:00 | Computer Name = TUNED-0916D1BA8 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 10.08.2012 09:12:44 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 10.08.2012 12:34:19 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 14.08.2012 06:22:50 | Computer Name = TUNED-0916D1BA8 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. 
[ System Events ] Error - 20.08.2012 05:41:14 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:15 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:17 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:18 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:19 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:20 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:21 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:22 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:23 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 20.08.2012 05:41:24 | Computer Name = TUNED-0916D1BA8 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. < End of report > |
20.08.2012, 18:03 | #8 |
/// Helfer-Team | GVU-Trojaner v2.07 (Windows XP) Where is the OTL.txt? |
20.08.2012, 19:37 | #9 |
| GVU-Trojaner v2.07 (Windows XP) Oh, it seems I copied the same log twice... I have found the OTL file now... sorry OTL: Code:
ATTFilter OTL logfile created on: 20.08.2012 11:35:32 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Dokumente und Einstellungen\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 80,85% Memory free 5,08 Gb Paging File | 4,40 Gb Available in Paging File | 86,63% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 122,07 Gb Total Space | 68,41 Gb Free Space | 56,04% Space Free | Partition Type: NTFS Drive D: | 343,68 Gb Total Space | 78,45 Gb Free Space | 22,83% Space Free | Partition Type: NTFS Drive F: | 979,70 Mb Total Space | 979,11 Mb Free Space | 99,94% Space Free | Partition Type: FAT Computer Name: TUNED-0916D1BA8 | User Name: ****| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Philipp\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe () PRC - C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - D:\Programme\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Temp\install_0_msi.exe () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - 
C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\PnpGamePanelDevices-8.12.049\PnpGamePanelDevices.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\SimInput-8.12.068\SimInput.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\MainUI-8.12.179\MainUI.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\G19Device-8.12.147\G19Device.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\G13Device-8.12.155\G13Device.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\DevBusHid-8.12.078\DevBusHid.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\DevBusBulk-8.12.076\DevBusBulk.dll () MOD - C:\Programme\Logitech Gaming Software\plugins\DevMgr-8.12.077\DevMgr.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - D:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - C:\Programme\Gigabyte\EasySaver\essvr.exe () 
MOD - C:\Programme\Gigabyte\EasySaver\ycc.dll () ========== Win32 Services (SafeList) ========== SRV - (Sudowin) -- D:\Programme\Sudowin\Server\Sudowin.Server.exe File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TunngleService) -- D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) 
SRV - (ES lite Service) -- C:\Programme\Gigabyte\EasySaver\essvr.exe () SRV - (nlsvc) -- D:\Programme\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software) SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (PciCon) -- E:\PciCon.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found DRV - (cpuz130) -- C:\DOKUME~1\Philipp\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found DRV - (Changer) -- File not found DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (LGVirHid) -- C:\WINDOWS\system32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGSHidFilt) -- C:\WINDOWS\system32\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices) DRV - (usbfilter) -- C:\WINDOWS\system32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (Power Software Ltd) DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (tap0901t) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.) 
DRV - (USBMULCD) -- C:\WINDOWS\system32\drivers\CM106.sys (C-Media Electronics Inc)
DRV - (nltdi) -- C:\WINDOWS\system32\drivers\nltdi.sys (Locktime Software)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=b0eac37d-9b9d-4ed3-a109-2059e115e90e&apn_sauid=66A446E8-9F10-4A7E-8D2C-9590885C2638
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Programme\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Programme\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programme\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.23 11:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.19 21:05:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.15 13:55:31 | 000,000,000 | ---D | M]

[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Programme\mozilla firefox\plugins\npmieze.dll
[2012.01.23 16:25:26 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (VideoFileDownload) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - C:\Programme\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Launch LCore] C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\phase6_18_erinnerung.lnk = D:\Programme\phase6\phase6_18\WinStart\WinStart.exe (phase6)
O4 - Startup: C:\Dokumente und Einstellungen\Isa\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264687029203 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B8F9256-D560-45B9-9DFC-AFC973B4D594}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.28 15:14:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\firefox.exe
O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell\Open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\firefox.exe
O33 - MountPoints2\{862773d4-4aff-11df-aec8-00241dd6e3ec}\Shell\AutoRun\command - "" = F:\REcycLER\dRiVER.EXe
O33 - MountPoints2\{862773d4-4aff-11df-aec8-00241dd6e3ec}\Shell\EXploRE\COmmAnD - "" = F:\rECyCLEr\drIVer.eXE
O33 - MountPoints2\{862773d4-4aff-11df-aec8-00241dd6e3ec}\Shell\oPEn\coMMaNd - "" = F:\reCYCler\DrIver.exE
O33 - MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.20 11:32:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Philipp\Desktop\OTL(1).exe
[2012.08.19 18:30:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Avira
[2012.08.19 18:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.08.19 18:27:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.08.19 18:27:17 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.08.19 18:27:17 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.08.19 18:27:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.08.19 18:27:17 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.08.19 18:27:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.08.19 18:16:25 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.08.19 14:44:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.18 23:16:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Check Point Software Technologies LTD
[2012.08.18 20:17:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Pferd & Pony - Lass uns reiten!
[2012.08.18 20:17:58 | 000,000,000 | ---D | C] -- C:\Programme\directx
[2012.08.18 20:17:54 | 000,000,000 | ---D | C] -- C:\horse_cd
[2012.08.10 15:08:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Tunngle
[2012.08.10 15:08:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Tunngle
[2012.08.10 14:05:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Philipp\Desktop\Für mama
[2012.08.10 11:02:00 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012.08.07 18:57:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Exact Audio Copy
[2012.08.04 23:32:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Audacity
[2010.03.07 14:27:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\pcouffin.sys
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.20 11:37:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.08.20 11:30:19 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.20 11:26:32 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012.08.20 11:21:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Philipp\Desktop\OTL(1).exe
[2012.08.19 21:11:09 | 083,023,306 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad
[2012.08.19 20:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.19 19:52:15 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.19 18:27:26 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.08.19 14:57:33 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2012.08.19 01:09:23 | 000,133,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.18 23:18:22 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.18 23:16:22 | 000,001,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.08.18 21:17:39 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.08.18 20:17:08 | 000,000,030 | ---- | M] () -- C:\WINDOWS\RESULT.QTW
[2012.08.15 19:14:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.15 15:03:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.15 15:03:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.15 15:03:32 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012.08.15 13:55:31 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2012.08.12 13:32:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.10 15:20:39 | 000,000,871 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\.recently-used.xbel
[2012.08.10 15:08:03 | 000,000,544 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunngle.lnk
[2012.08.07 22:45:31 | 000,001,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2012.08.07 18:57:27 | 000,000,613 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Exact Audio Copy (Ripper).lnk
[2012.08.06 16:19:48 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT
[2012.08.06 16:19:46 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdw.DAT
[2012.08.01 18:47:13 | 000,000,895 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 3 Diesel Accessoires.lnk
[2012.07.30 09:00:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.07.29 11:59:22 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.19 18:27:26 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.08.18 23:16:22 | 083,023,306 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad
[2012.08.18 23:16:22 | 000,001,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.08.18 20:17:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RESULT.QTW
[2012.08.10 15:20:39 | 000,000,871 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\.recently-used.xbel
[2012.08.10 15:08:03 | 000,000,544 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunngle.lnk
[2012.08.10 10:25:27 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.07 18:57:27 | 000,000,613 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Exact Audio Copy (Ripper).lnk
[2012.08.01 18:47:13 | 000,000,895 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 3 Diesel Accessoires.lnk
[2012.05.15 13:42:59 | 000,183,040 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012.04.23 19:02:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012.04.23 19:01:19 | 000,000,273 | ---- | C] () -- C:\WINDOWS\madagascar.ini
[2012.04.15 23:16:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012.04.05 12:44:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Hmplayer.INI
[2012.04.04 22:37:13 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.02.16 10:44:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.19 12:28:30 | 000,000,022 | -HS- | C] () -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Sys2662.Config.Repository.bin
[2011.11.04 00:32:29 | 001,023,822 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1935655697-823518204-839522115-1004-0.dat
[2011.11.04 00:32:26 | 000,142,894 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.10.25 22:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011.10.07 16:48:20 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.05.10 15:16:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pv_c3.exe
[2011.03.04 13:12:12 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.03.04 13:12:12 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.03.04 13:12:12 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.03.04 13:06:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.26 20:15:07 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\steam_md4.dat
[2011.02.11 15:44:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\autostart.INI
[2011.02.04 17:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2010.12.20 22:54:45 | 000,450,156 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010.12.20 22:54:45 | 000,080,762 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2010.12.19 12:15:30 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.12.11 21:34:36 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010.12.11 21:34:10 | 000,001,249 | R--- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010.12.11 21:33:56 | 000,000,850 | R--- | C] () -- C:\WINDOWS\cm106.ini
[2010.07.16 15:18:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Profiles
[2010.07.16 15:18:36 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdw.DAT
[2010.07.16 15:18:36 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Robot
[2010.07.16 15:16:23 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrintingModule
[2010.07.16 15:16:23 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT
[2010.07.16 15:16:23 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Receipts
[2010.03.07 14:27:48 | 000,001,057 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\vso_ts_preview.xml
[2010.03.07 14:27:36 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\inst.exe
[2010.03.07 14:27:36 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\pcouffin.cat
[2010.03.07 14:27:36 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\pcouffin.inf
[2010.01.29 16:40:45 | 000,133,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.28 15:17:25 | 003,407,872 | -H-- | C] () -- C:\Dokumente und Einstellungen\Philipp\NTUSER.bak

========== LOP Check ==========

[2012.05.26 20:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.01.24 11:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.06.02 19:15:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.05.10 12:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2010.12.20 20:04:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.08.12 13:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverGenius
[2010.12.25 13:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2010.07.16 15:18:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2012.05.11 14:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Locktime
[2010.07.16 15:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2010.01.31 11:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2012.08.18 22:14:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2012.06.16 20:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2011.11.19 12:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2010.03.17 23:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2012.08.10 15:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle
[2010.07.16 15:18:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2011.06.29 12:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.05.12 10:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Clara\Anwendungsdaten\CheckPoint
[2012.06.05 19:09:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Clara\Anwendungsdaten\DVDVideoSoft
[2012.05.28 20:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Clara\Anwendungsdaten\Locktime
[2012.04.07 13:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Clara\Anwendungsdaten\OpenOffice.org
[2011.10.19 16:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Atari
[2012.08.11 11:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Audacity
[2010.12.20 08:36:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Canneverbe Limited
[2012.05.10 12:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\CheckPoint
[2010.05.04 15:30:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Degener
[2011.07.24 23:51:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\DVDVideoSoft
[2011.07.24 23:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.08.07 18:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\EAC
[2010.06.17 17:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Facebook
[2012.06.11 19:51:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\gtk-2.0
[2012.04.21 07:20:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\loadtbs
[2012.05.27 23:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Locktime
[2010.08.24 00:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Nikon
[2010.06.20 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\OpenOffice.org
[2011.06.15 22:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Scribus
[2012.01.23 16:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\searchqutoolbar
[2012.08.16 17:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Spotify
[2010.02.13 16:35:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Atari
[2012.08.04 23:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Audacity
[2012.01.29 16:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\BANDISOFT
[2010.12.19 12:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Canneverbe Limited
[2012.08.18 23:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Check Point Software Technologies LTD
[2012.05.10 14:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\CheckPoint
[2010.12.20 20:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\DAEMON Tools Lite
[2011.07.27 18:52:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\DVDVideoSoft
[2010.11.13 22:56:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.05 19:24:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\ElevatedDiagnostics
[2012.04.29 17:08:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\fretsonfire [2012.04.15 20:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\gtk-2.0 [2012.06.28 14:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Image-Line [2011.05.31 15:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\JavaEditor [2012.05.11 14:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Locktime [2010.08.11 16:22:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\LolClient [2012.05.24 15:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\LolClient2 [2010.05.15 12:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\NetMedia Providers [2010.08.24 00:06:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Nikon [2010.12.19 12:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\OpenCandy [2010.07.14 16:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\OpenOffice.org [2012.06.16 21:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Orbit [2012.06.16 21:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\ProgSense [2010.01.29 15:22:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Publish Providers [2010.02.01 15:17:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Soldat [2012.06.16 21:27:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Sony [2012.01.06 15:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Trine2 [2011.05.02 19:44:43 | 000,000,000 | 
---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\TS3Client
[2012.08.18 13:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Tunngle
[2010.02.04 18:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Ubisoft
[2010.12.19 12:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Uniblue
[2010.03.07 14:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Vso
[2012.08.20 11:37:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >
Edited by pphps (20.08.2012 at 19:47) |
20.08.2012, 22:10 | #10 |
/// Helfer-Team | GVU-Trojaner v2.07 (Windows XP) Fix with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
MOD - C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Temp\install_0_msi.exe ()
SRV - (Sudowin) -- D:\Programme\Sudowin\Server\Sudowin.Server.exe File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- E:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (cpuz130) -- C:\DOKUME~1\Philipp\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (Changer) -- File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1935655697-823518204-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.28 15:14:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\firefox.exe
O33 - MountPoints2\{862773d4-4aff-11df-aec8-00241dd6e3ec}\Shell\AutoRun\command - "" = F:\REcycLER\dRiVER.EXe
O33 - MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\Shell\AutoRun\command - "" = G:\Startme.exe
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2010.03.07 14:27:36 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\inst.exe
[2012.01.23 16:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\searchqutoolbar
[2012.08.19 18:16:25 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.08.20 11:37:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.08.20 11:30:19 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.19 21:11:09 | 083,023,306 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad
[2012.08.19 20:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.19 19:52:15 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.18 23:16:22 | 000,001,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.01.24 11:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Do not under any circumstances run it on other machines; it can permanently damage other systems! |
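The fix script above removes, among the adware leftovers, four things a responder should recognise on sight: three MountPoints2 AutoRun commands cached from USB devices (a payload under a RECYCLER folder launched via rundll32's ShellExec_RunDLL, `F:\REcycLER\dRiVER.EXe`, and `G:\Startme.exe` in a drive root), the NoDriveTypeAutoRun policy value 145 in every user hive, an AppInit_DLLs entry, and a `ctfmon.lnk` in the user's Autostart folder (which the Malwarebytes log later in this thread identifies as Trojan.Ransom.Gen). The following Python script is an added example, not code from the forum post or from OTL: it parses OTL-style lines, flags exactly these four indicator classes, and decodes why 145 (0x91) still lets removable media AutoRun on Windows XP. The regular expressions and heuristics are my assumptions about OTL's line format; the sample lines are copied from the log posted in this thread.

```python
"""
Triage of OTL log lines for the indicators removed by the fix script above:
USB AutoRun commands in MountPoints2, the NoDriveTypeAutoRun policy, an
AppInit_DLLs entry and a shortcut in the Autostart (Startup) folder.
Added example; not code from the forum post or from OTL. The line formats
and heuristics are assumptions about OTL's output; the sample lines are
copied from the thread's own log.
"""
import re

# NoDriveTypeAutoRun is a bitmask; a SET bit suppresses AutoRun for that drive type.
# Windows XP's default is 0x91 (145): only unknown (0x01) and network (0x10)
# drives are suppressed, so USB sticks and CD-ROMs still AutoRun.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}

# OTL line shapes (assumed from the log in this thread)
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
NODRIVE_RE = re.compile(r'^O7 - (HKU\\[^\\]+)\\.*NoDriveTypeAutoRun = (\d+)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: \((.*?)\)')
AUTOSTART_RE = re.compile(r'\\(?:Autostart|Startup)\\([^\\]+\.lnk)$', re.IGNORECASE)


def autorun_enabled_types(value):
    """Drive types for which AutoRun is still honoured under this policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def suspicious_autorun_command(cmd):
    """Heuristics for a MountPoints2 AutoRun command planted by a USB worm:
    a payload hidden under RECYCLER, rundll32's ShellExec_RunDLL used as a
    launcher, or an executable sitting directly in a drive root."""
    c = cmd.lower()
    if "recycler" in c or "shellexec_rundll" in c:
        return True
    return re.match(r'^[a-z]:\\[^\\]+\.exe$', c) is not None


def triage(lines):
    """Return (indicator, detail) tuples for every suspicious line."""
    findings = []
    for line in (l.strip() for l in lines):
        m = MOUNTPOINT_RE.match(line)
        if m:
            if suspicious_autorun_command(m.group(2)):
                findings.append(("autorun-command", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = NODRIVE_RE.match(line)
        if m:
            enabled = autorun_enabled_types(int(m.group(2)))
            if "removable" in enabled:
                findings.append(("autorun-policy",
                                 f"{m.group(1)}: AutoRun still on for {', '.join(enabled)}"))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group(1):
            # Any DLL listed here is loaded into every process that loads user32.dll
            findings.append(("appinit-dll", m.group(1)))
            continue
        m = AUTOSTART_RE.search(line)
        if m:
            # A .lnk named after a system binary (ctfmon) is a common ransomware decoy
            findings.append(("startup-lnk", m.group(1)))
    return findings


# Sample input copied from the OTL log posted in this thread
SAMPLE_LINES = [
    r'O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)',
    r'O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145',
    r'O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145',
    r'O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145',
    r'O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145',
    r'O7 - HKU\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145',
    r'O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll) - File not found',
    r'O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\firefox.exe',
    r'O33 - MountPoints2\{862773d4-4aff-11df-aec8-00241dd6e3ec}\Shell\AutoRun\command - "" = F:\REcycLER\dRiVER.EXe',
    r'O33 - MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\Shell\AutoRun\command - "" = G:\Startme.exe',
    r'[2012.08.18 23:16:22 | 000,001,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\ctfmon.lnk',
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LINES):
        print(f"{kind:16} {detail}")
```

Two points follow from the output. First, MountPoints2 entries are only the per-user cache of what Explorer saw on each device; deleting the key removes the cached handler, but the `autorun.inf` and payload on the stick itself survive, which is why the sticks have to be attached for the later full scan. Second, 145 is Windows XP's default, not something the malware set; to stop Explorer honouring `autorun.inf` on every drive type the value has to be 255 (0xFF), e.g. `reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f`, applied to the per-user hives as well.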
21.08.2012, 13:09 | #11 |
| GVU-Trojaner v2.07 (Windows XP) Everything went smoothly so far. After the reboot there were only 2 error notifications, but that is probably as it should be. (DATAMN~1.EXE / a directory in C->my user) Here is the log file: Code:
ATTFilter All processes killed ========== OTL ========== Service Sudowin stopped successfully! Service Sudowin deleted successfully! File D:\Programme\Sudowin\Server\Sudowin.Server.exe File not found not found. Service WDICA stopped successfully! Service WDICA deleted successfully! File File not found not found. Service PDRFRAME stopped successfully! Service PDRFRAME deleted successfully! File File not found not found. Service PDRELI stopped successfully! Service PDRELI deleted successfully! File File not found not found. Service PDFRAME stopped successfully! Service PDFRAME deleted successfully! File File not found not found. Service PDCOMP stopped successfully! Service PDCOMP deleted successfully! File File not found not found. Service PCIDump stopped successfully! Service PCIDump deleted successfully! File File not found not found. Service PciCon stopped successfully! Service PciCon deleted successfully! File E:\PciCon.sys File not found not found. Service lbrtfdc stopped successfully! Service lbrtfdc deleted successfully! File File not found not found. Service i2omgmt stopped successfully! Service i2omgmt deleted successfully! File File not found not found. Service EagleNT stopped successfully! Service EagleNT deleted successfully! File C:\WINDOWS\system32\drivers\EagleNT.sys File not found not found. Service cpuz130 stopped successfully! Service cpuz130 deleted successfully! File C:\DOKUME~1\Philipp\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found not found. Service Changer stopped successfully! Service Changer deleted successfully! File File not found not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! 
Registry value HKEY_USERS\S-1-5-21-1935655697-823518204-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully. C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-1935655697-823518204-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully. C:\WINDOWS\system32\dvmurl.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}\ deleted successfully. C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}\ deleted successfully. C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully. File C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_USERS\S-1-5-21-1935655697-823518204-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. 
Registry value HKEY_USERS\S-1-5-21-1935655697-823518204-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. File C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Programme\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cm106Sound deleted successfully. Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm scheduled to be deleted on reboot. File move failed. C:\Programme\CheckPoint\ZoneAlarm\zatray.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1935655697-823518204-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27e8b088-3d9d-11df-aeb8-00241dd6e3ec}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\firefox.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{862773d4-4aff-11df-aec8-00241dd6e3ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{862773d4-4aff-11df-aec8-00241dd6e3ec}\ not found. File F:\REcycLER\dRiVER.EXe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fea5d9e9-b790-11e1-aa4e-00241dd6e3ec}\ not found. File G:\Startme.exe not found. C:\WINDOWS\System32\dllcache\SET12D.tmp deleted successfully. C:\WINDOWS\System32\dllcache\SET12F.tmp deleted successfully. C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\inst.exe moved successfully. C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\searchqutoolbar folder moved successfully. C:\found.001\dir0000.chk folder moved successfully. C:\found.001 folder moved successfully. C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad moved successfully. C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\ctfmon.lnk moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess\D0C47A3076DACC01 folder moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\Philipp\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\Philipp\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 1872 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41044 bytes User: All Users User: Clara ->Temp folder emptied: 8728893 bytes ->Temporary Internet Files folder emptied: 17464161 bytes ->FireFox cache emptied: 260576292 bytes ->Google Chrome cache emptied: 6384763 bytes ->Flash cache emptied: 79753 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41044 bytes User: Isa ->Temp folder emptied: 263585782 bytes ->Temporary Internet Files folder emptied: 28639093 bytes ->Java cache emptied: 2575973 bytes ->FireFox cache emptied: 458023014 bytes ->Google Chrome cache emptied: 22903729 bytes ->Flash cache emptied: 58157 bytes User: LocalService ->Temp folder emptied: 2193400 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 2127032 bytes ->Temporary Internet Files folder emptied: 54515378 bytes User: Philipp ->Temp folder emptied: 847207547 bytes ->Temporary Internet Files folder emptied: 76686 bytes ->Java cache emptied: 24733392 bytes ->Flash cache emptied: 43671 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 9149319 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 34806609 bytes RecycleBin emptied: 140951108 bytes Total Files Cleaned = 2.084,00 mb OTL by OldTimer - Version 3.2.58.1 log created on 08212012_134929 Files\Folders moved on Reboot... File move failed. C:\Programme\CheckPoint\ZoneAlarm\zatray.exe scheduled to be moved on reboot. C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Temp\install_0_msi.exe moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... 
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm scheduled to be deleted on reboot.
EDIT: The Task Manager can be opened again! I just wanted to ask for permission first before establishing an internet connection. By the way, is it better to do the downloads (e.g. virus scanners and the like) on the clean computer until the end, or does it make no difference if I download the files on the infected machine (once I am allowed to connect to the internet)? Edited by pphps (21.08.2012 at 13:16) |
21.08.2012, 14:59 | #12 |
/// Helfer-Team | GVU-Trojaner v2.07 (Windows XP) Very good! How is the machine running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
21.08.2012, 15:30 | #13 |
| GVU-Trojaner v2.07 (Windows XP) I have a question about the full scan: should I connect the external hard drive and the USB sticks that were plugged in while the computer had the virus before running the Malwarebytes scan? |
21.08.2012, 17:54 | #14 |
/// Helfer-Team | GVU-Trojaner v2.07 (Windows XP) Ideally, YES. |
21.08.2012, 20:05 | #15 |
| GVU-Trojaner v2.07 (Windows XP) Okay, the scans are done: mbam log: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
**** :: TUNED-0916D1BA8 [Administrator]

21.08.2012 18:59:42
mbam-log-2012-08-21 (18-59-42).txt

Scan type: Full scan (C:\|D:\|F:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 513657
Time elapsed: 1 hour(s), 51 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-ob (Rootkit.Agent) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replaced and quarantined successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replaced and quarantined successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Programme\OApps\vfd-ob_uninstall.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Programme\intellidownload\vfd.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08212012_134929\C_Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Temp\install_0_msi.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)
AdwCleaner log: Code:
# AdwCleaner v1.801 - Logfile created 08/21/2012 at 21:01:07
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : **** - TUNED-0916D1BA8
# Boot Mode : Normal
# Running from : C:\Dokumente und Einstellungen\****\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenCandy
Folder Found : C:\Dokumente und Einstellungen\****\Anwendungsdaten\loadtbs
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
Folder Found : C:\Programme\Ask.com
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\Windows iLivid Toolbar
Folder Found : C:\Programme\Yontoo Layers Runtime
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Programme\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\user.js

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\SearchquMediabarTb
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [8737 octets] - [21/08/2012 21:01:07]

########## EOF - C:\AdwCleaner[R1].txt - [8865 octets] ##########
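Added editor's example, not part of the thread and not AdwCleaner's own code: a small Python script that parses an AdwCleaner search log of the shape posted above (the `***** [Section] *****` headers and `Key/Value/Folder/File Found : ...` lines are taken from that log) and separates the entries that are actual load points (the Run value, the Browser Helper Objects, the IE toolbar and search scopes, the Chrome extension key, the IE elevation-policy entries) from the COM registration leftovers under Classes\CLSID, Interface, TypeLib and AppID. The sample input is an excerpt of the posted log, trimmed and embedded here; the list of which registry locations count as load points is my own triage rule and an assumption, not something the tool reports.

```python
import re
from collections import defaultdict

# Constructed sample input: an excerpt of the AdwCleaner[R1].txt log posted above, trimmed.
SAMPLE_LOG = r"""
# AdwCleaner v1.801 - Logfile created 08/21/2012 at 21:01:07
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Programme\Ask.com
Folder Found : C:\Programme\Yontoo Layers Runtime
File Found : C:\user.js

***** [Registry] *****

Key Found : HKCU\Software\Ask.com
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value) Found : (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption (my triage rule, not an AdwCleaner category): registry locations from which
# code or settings are actually loaded at logon or browser start. Everything else in the
# log (Classes\CLSID, Interface, TypeLib, AppID, Uninstall, vendor keys) is registration
# or configuration residue that does nothing on its own once the load point is gone.
LOAD_POINTS = (
    (r"\\CurrentVersion\\Run\b", "autostart (Run value)"),
    (r"\\Explorer\\Browser Helper Objects\\", "IE BHO (DLL loaded into every IE process)"),
    (r"\\Internet Explorer\\Toolbar\b", "IE toolbar"),
    (r"\\Internet Explorer\\SearchScopes\\", "IE search provider"),
    (r"\\Google\\Chrome\\Extensions\\", "Chrome extension install entry"),
    (r"\\Low Rights\\ElevationPolicy\\", "IE Protected Mode elevation policy"),
)


def parse_log(text):
    """Return {section name: [(kind, target), ...]} for the 'Found' lines of a search log."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings[section].append((m.group("kind"), m.group("target")))
    return dict(findings)


def classify(target):
    """Label a registry path if it is a load point, else None."""
    for pattern, label in LOAD_POINTS:
        if re.search(pattern, target, re.IGNORECASE):
            return label
    return None


def load_points(text):
    """All registry findings that are load points, as (label, target) pairs."""
    hits = []
    for entries in parse_log(text).values():
        for kind, target in entries:
            if kind in ("Key", "Value"):
                label = classify(target)
                if label:
                    hits.append((label, target))
    return hits


def guid_index(findings):
    """Map each GUID (upper-cased) to every registry path in the log that contains it,
    so a bare CLSID/TypeLib registration can be tied to the BHO or toolbar entry using it."""
    index = defaultdict(list)
    for entries in findings.values():
        for _kind, target in entries:
            for guid in GUID_RE.findall(target):
                index[guid.upper()].append(target)
    return dict(index)


def registration_only_guids(findings):
    # GUIDs that occur only under the Classes hive: COM registrations no load point refers to.
    return sorted(
        guid for guid, paths in guid_index(findings).items()
        if all(re.search(r"\\Classes\\", p, re.IGNORECASE) for p in paths)
    )


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for label, target in load_points(SAMPLE_LOG):
        print(f"LOAD POINT  {label:40s} {target}")
    for guid in registration_only_guids(parsed):
        print(f"LEFTOVER    {guid}")
```

Run it against the full log as posted and the same split falls out: one Run value, two BHOs, one toolbar value, two search scopes, one Chrome extension key and three elevation-policy entries are the load points; the long CLSID, Interface and TypeLib lists are what those load points registered. That split is what to look at when deciding whether a clean-up actually removed the thing that starts, as opposed to its leftovers.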