Log analysis and evaluation: Cleaning up the GUV trojan - still a blue screen with graphics problems (Windows 7)
#1
Hello,

A week ago I installed Civ5 on my 6-year-old computer (Vista 32-bit, 3 GB RAM). In the process I also updated the graphics driver. Unfortunately the program always crashed after playing for a while. Afterwards a graphics error remained at boot and a blue screen occurred. Unfortunately I did not note down the error message. After I restored the old graphics driver in safe mode, everything worked again. The error was reproducible. I ended my analysis with the conclusion that the game's system requirements apparently overtax my system, regardless of the graphics driver.

Yesterday, while browsing, my screen was blocked by the well-known GUV trojan display. After the initial panic I followed your forum instructions to clean it up:

1. Gained access to the computer with the Kaspersky rescue CD. After that the computer would not boot successfully in normal mode. Graphics errors already appear in BIOS mode during boot. The error message is PAGE_FAULT_IN_NOPAGED_AREA.

2. Started the computer in safe mode. Installed, updated and ran Malwarebytes. 2 infections were found:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
tigger :: CARSTENBARTS-PC [Administrator]

29.08.2012 18:33:42
mbam-log-2012-08-29 (23-41-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 972444
Laufzeit: 2 Stunde(n), 6 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\tigger\AppData\Local\Temp\iop0__cha.exe (Trojan.PWS) -> Keine Aktion durchgeführt.
C:\Users\tigger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

4. Downloaded, installed and ran OTL:

Code:
OTL logfile created on: 29.08.2012 23:58:08 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\tigger\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,86% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,55 Gb Total Space | 118,59 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 437,62 Gb Free Space | 46,98% Space Free | Partition Type: NTFS
Drive E: | 19,52 Gb Total Space | 9,97 Gb Free Space | 51,08% Space Free | Partition Type: FAT32

Computer Name: CARSTENBARTS-PC | User Name: tigger | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.29 23:56:59 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\tigger\Downloads\OTL.exe
PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

========== Modules (No Company Name) ==========

MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2012.08.24 18:03:54 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.21 16:29:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.08.21 16:29:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.02 08:42:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.04.15 12:37:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.09.27 12:35:12 | 001,440,256 | ---- | M] (Buhl Data Service GmbH) [Disabled | Stopped] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2006.09.26 18:50:30 | 000,779,776 | ---- | M] (ODSoft multimedia) [Disabled | Stopped] -- C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCService.exe -- (ODSBC)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.08.21 16:29:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.21 16:29:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.06.04 09:59:20 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.06.04 09:59:20 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.04.30 18:44:15 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.11.10 04:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.11.10 04:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.11.16 15:46:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.24 10:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009.05.05 10:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\xfilt.sys -- (xfilt)
DRV - [2009.05.05 10:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\videX32.sys -- (videX32)
DRV - [2009.02.03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2007.05.11 17:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006.12.23 11:44:59 | 000,080,768 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2006.12.23 11:43:17 | 000,077,120 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.12.21 11:16:58 | 000,007,136 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..\SearchScopes\{2EAA5FD3-0F87-4AF2-BC2B-8EB03016D690}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..\SearchScopes\{D2B4F343-5D83-4619-B82F-6D8AE28A2CC7}: "URL" = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\tigger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.20 15:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.20 15:13:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.20 15:13:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.20 15:13:30 | 000,000,000 | ---D | M]

[2009.11.14 15:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tigger\AppData\Roaming\mozilla\Extensions
[2012.05.02 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tigger\AppData\Roaming\mozilla\Firefox\Profiles\l0uy5brr.default\extensions
[2010.06.26 21:50:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tigger\AppData\Roaming\mozilla\Firefox\Profiles\l0uy5brr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.07 21:06:58 | 000,001,828 | ---- | M] () -- C:\Users\tigger\AppData\Roaming\Mozilla\Firefox\Profiles\l0uy5brr.default\searchplugins\bing.xml
[2012.05.09 16:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.27 22:06:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.12.13 12:54:37 | 000,000,000 | ---D | M] (AresTube2 Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}
[2012.08.02 08:42:57 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.24 11:29:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.10 09:44:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.10 09:44:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.10 09:44:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.10 09:44:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.10 09:44:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.10 09:44:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [!iLividOnce] C:\Users\tigger\Downloads\iLividSetupV1.exe (Bandoo Media Inc)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NvRegisterMCTray] C:\Windows\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - Startup: C:\Users\tigger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SyncBack.lnk = C:\Programme\2BrightSparks\SyncBack\SyncBack.exe (2BrightSparks)
O7 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-4134204036-2018364504-4283320076-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C019879-6D5B-4FE8-AFDB-9659879F0F1F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F60B33E-3CCB-4BDE-A8D1-AC65015D78D3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91FC4B81-E955-4D86-ACE4-73FEC9EEC789}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tigger\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\tigger\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28eadb33-aa59-11e0-947c-001617db6f5c}\Shell - "" = AutoRun
O33 - MountPoints2\{28eadb33-aa59-11e0-947c-001617db6f5c}\Shell\AutoRun\command - "" = M:\SafeStick.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.08.29 18:33:03 | 000,000,000 | ---D | C] -- C:\Users\tigger\AppData\Roaming\Malwarebytes
[2012.08.29 18:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.29 18:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.29 18:32:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 18:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.29 18:17:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.08.25 10:21:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.08.25 10:06:15 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.08.25 10:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.08.25 09:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.08.25 09:59:20 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.08.24 18:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.08.24 18:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.08.24 18:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.08.23 20:51:54 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.08.23 20:51:54 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.08.23 20:43:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.20 15:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.08.20 15:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.08.20 15:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.18 13:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.08.04 22:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2012.08.04 22:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\DriverTuner
[2012.08.04 13:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simpli Software
[2012.08.04 13:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Simpli Software
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\tigger\Documents\*.tmp files -> C:\Users\tigger\Documents\*.tmp -> ]
[1 C:\Users\tigger\AppData\Local\*.tmp files -> C:\Users\tigger\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.29 23:55:47 | 000,000,000 | ---- | M] () -- C:\Users\tigger\defogger_reenable
[2012.08.29 23:53:33 | 000,000,540 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012.08.29 23:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 23:44:17 | 174,063,392 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.29 18:40:04 | 000,042,496 | ---- | M] () -- C:\Users\tigger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.29 18:32:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.29 16:56:45 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 16:56:44 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 16:51:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 16:47:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.29 16:27:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.29 08:41:21 | 083,023,306 | ---- | M] () -- C:\ProgramData\ahc__0poi.pad
[2012.08.25 21:28:15 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SyncBack Datensicherung.job
[2012.08.24 18:12:24 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.08.23 20:44:15 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.23 20:44:14 | 000,628,668 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.23 20:44:14 | 000,126,474 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.23 20:44:14 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.21 22:00:11 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SyncBack USB Festplatte.job
[2012.08.21 16:29:52 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.08.21 16:29:52 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.08.20 15:13:08 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.18 13:48:24 | 000,255,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.04 13:00:37 | 000,000,965 | ---- | M] () -- C:\Users\tigger\Desktop\HD Tach.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\tigger\Documents\*.tmp files -> C:\Users\tigger\Documents\*.tmp -> ]
[1 C:\Users\tigger\AppData\Local\*.tmp files -> C:\Users\tigger\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.29 23:55:47 | 000,000,000 | ---- | C] () -- C:\Users\tigger\defogger_reenable
[2012.08.29 23:53:33 | 000,000,540 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012.08.29 18:32:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.29 08:36:41 | 083,023,306 | ---- | C] () -- C:\ProgramData\ahc__0poi.pad
[2012.08.25 10:19:28 | 174,063,392 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.25 10:00:23 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.08.24 18:02:50 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.08.20 15:13:08 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.04 13:00:37 | 000,000,965 | ---- | C] () -- C:\Users\tigger\Desktop\HD Tach.lnk
[2012.06.04 17:06:51 | 000,000,680 | ---- | C] () -- C:\Users\tigger\AppData\Local\d3d9caps.dat
[2011.03.20 13:36:37 | 000,000,680 | RHS- | C] () -- C:\Users\tigger\ntuser.pol
[2011.03.02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.27 22:56:15 | 000,042,496 | ---- | C] () -- C:\Users\tigger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.21 10:42:08 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 04:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.11.13 19:19:33 | 000,143,998 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.13 19:19:33 | 000,143,998 | ---- | C] () -- C:\ProgramData\nvModes.001

========== LOP Check ==========

[2010.06.13 09:45:17 | 000,000,000 | ---D | M] -- C:\Users\Carsten Bartsch\AppData\Roaming\BOM
[2011.03.21 20:33:05 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\BOM
[2012.06.09 11:15:20 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\JRT Studio
[2012.05.30 17:21:21 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\PC Suite
[2011.12.31 12:35:44 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Amazon
[2012.01.12 09:24:19 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Auslogics
[2012.07.08 23:53:33
| 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\BOM [2009.11.14 14:50:45 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Bonavista [2009.12.05 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\CD-LabelPrint [2011.01.07 20:52:19 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.05.29 21:28:39 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\DVDVideoSoft [2012.06.04 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\GetRightToGo [2011.10.05 09:29:38 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\HandBrake [2009.11.14 15:36:00 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\IrfanView [2009.12.26 15:44:35 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\JimbobSoft [2012.08.24 06:44:29 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\JRT Studio [2011.01.21 23:30:40 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\kikin [2010.12.27 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Leadertech [2010.12.26 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\myphotobook [2012.06.03 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Nokia [2012.06.03 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Nokia Suite [2012.05.29 21:40:53 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\PC Suite [2012.03.26 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\pdfforge [2012.05.30 07:55:22 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Samsung [2009.11.14 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Sonavis [2012.01.07 18:59:42 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\Unity [2009.11.14 14:52:18 | 000,000,000 | ---D | M] -- C:\Users\tigger\AppData\Roaming\VMedia [2012.06.04 17:40:51 | 000,000,000 | ---D 
| M] -- C:\Users\tigger\AppData\Roaming\WinTrack [2012.08.29 16:56:44 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.11 10:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\SyncBack Benutzerdaten.job [2012.08.25 21:28:15 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SyncBack Datensicherung.job [2012.07.11 15:03:59 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\SyncBack USB Festplatte musik.job [2012.08.21 22:00:11 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SyncBack USB Festplatte.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:07BF512B < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 08:01:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAC
Running: b6ip0i4j.exe; Driver: C:\Users\tigger\AppData\Local\Temp\awtiquob.sys

---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\bdpebahv.sys Das System kann den angegebenen Pfad nicht finden. !

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 8D25A108
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Furthermore, I have disconnected a USB hard drive that was attached to the infected system. How should I clean it? I would appreciate advice on how to proceed.