
Pests of all kinds and how to fight them: GVU ransomware Trojan


 
31.08.2012, 12:36   #1
Wolfsfang

GVU ransomware Trojan



Hello, I have here a computer that is infected with the well-known GVU ransomware Trojan (or whatever the correct name is in this case).

OTL logfile:
OTL logfile created on: 31.08.2012 12:31:20 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Marius\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 84,55% Memory free
3,50 Gb Paging File | 3,25 Gb Available in Paging File | 92,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 194,12 Gb Free Space | 68,77% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 5,02 Gb Free Space | 31,77% Space Free | Partition Type: FAT32
 
Computer Name: MARIUS-PC | User Name: Marius | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marius\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found
DRV - (clwvd) -- system32\DRIVERS\clwvd.sys File not found
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 2E 00 27 B2 29 CB 01  [binary data]
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\..\SearchScopes\{F700C057-A129-461B-ADF3-40F23D18C4E1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=28e7d144-0f85-4806-a539-b9e09eb58f10&apn_sauid=C40D723D-65E5-46CD-9C29-DC53FD3B669B
IE - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marius\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marius\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.28 20:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.28 20:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 18:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.13 12:15:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 18:26:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.13 12:15:32 | 000,000,000 | ---D | M]
 
[2010.07.22 17:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Extensions
[2012.05.15 17:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\pi3mj894.default\extensions
[2012.05.13 16:27:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\pi3mj894.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.13 16:27:48 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\pi3mj894.default\extensions\DTToolbar@toolbarnet.com
[2011.05.22 12:13:45 | 000,002,400 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\askcom.xml
[2011.07.19 18:27:51 | 000,002,055 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\daemon-search.xml
[2012.07.29 11:03:45 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-1.xml
[2012.02.18 15:43:31 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-10.xml
[2012.03.16 15:28:29 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-11.xml
[2012.05.13 12:16:20 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-12.xml
[2011.04.06 16:46:21 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-2.xml
[2011.05.12 13:58:59 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-3.xml
[2011.07.19 18:50:50 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-4.xml
[2011.09.15 21:31:41 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-5.xml
[2011.10.03 11:18:44 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-6.xml
[2011.11.13 18:12:29 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-7.xml
[2011.12.23 18:47:20 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-8.xml
[2012.02.04 13:20:42 | 000,000,950 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin-9.xml
[2011.03.28 19:48:19 | 000,001,056 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\pi3mj894.default\searchplugins\icqplugin.xml
[2012.05.13 12:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.29 18:26:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.18 17:36:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.13 12:15:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.13 12:15:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.13 12:15:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.13 12:15:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.13 12:15:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.13 12:15:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marius\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marius\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marius\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marius\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Marius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Marius\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Marius\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Marius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_1\
CHR - Extension: Google Mail = C:\Users\Marius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-798133272-3179726713-1750540518-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKU\S-1-5-21-798133272-3179726713-1750540518-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-798133272-3179726713-1750540518-1000..\Run: [Spotify] C:\Users\Marius\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-798133272-3179726713-1750540518-1000..\Run: [Spotify Web Helper] C:\Users\Marius\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{118F6703-CEE9-4AF6-BE71-19D8DB6FD7D2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F4B3D3D-B15D-460E-B8F9-4CCA8D63D52F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B1BCE0D-CE04-48E4-A469-8DFB19AD2F05}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D11AFF02-7499-4C2E-9291-C18432752CAA}: DhcpNameServer = 139.7.30.125 139.7.30.126
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{6176f7ee-442b-11e0-8ba4-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{6176f7ee-442b-11e0-8ba4-00222002f48e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{70c1fb97-daab-11df-b9e0-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{70c1fb97-daab-11df-b9e0-00222002f48e}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{70c1fbfb-daab-11df-b9e0-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{70c1fbfb-daab-11df-b9e0-00222002f48e}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{91280240-b224-11e0-8951-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{91280240-b224-11e0-8951-806e6f6e6963}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{98f858a2-abe8-11e1-a96a-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{98f858a2-abe8-11e1-a96a-00222002f48e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a6bf23b7-b082-11e0-8260-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{a6bf23b7-b082-11e0-8260-00222002f48e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ac9c2a19-ad4f-11e0-9199-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9c2a19-ad4f-11e0-9199-00222002f48e}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{ac9c2a46-ad4f-11e0-9199-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9c2a46-ad4f-11e0-9199-00222002f48e}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{d254c5db-cfd1-11e0-bb84-00222002f48e}\Shell - "" = AutoRun
O33 - MountPoints2\{d254c5db-cfd1-11e0-bb84-00222002f48e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.08.31 11:59:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
[2012.08.02 23:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.07.31 15:30:58 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Malwarebytes
[2012.07.31 15:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 21:52:43 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 21:46:35 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 21:46:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 21:46:26 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
 
========== Files - Modified Within 60 Days ==========
 
[2012.08.31 12:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 12:25:34 | 1407,991,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 11:58:26 | 004,232,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.31 11:58:26 | 001,685,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.31 11:58:26 | 001,271,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.31 11:58:26 | 001,135,364 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.31 11:53:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.31 11:44:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
[2012.08.31 11:25:43 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 11:25:43 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 11:23:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 11:23:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.31 11:23:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.02 23:21:55 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.08.02 23:11:34 | 024,595,840 | ---- | M] () -- C:\Users\Marius\Desktop\GridinSoft-Trojan-Killer-2.1.1.9--incl-Crack.rar
[2012.07.31 13:31:15 | 000,001,887 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.31 13:03:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-798133272-3179726713-1750540518-1000UA.job
[2012.07.29 17:01:01 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marius.job
[2012.07.29 11:06:24 | 000,002,407 | ---- | M] () -- C:\Users\Marius\Desktop\Google Chrome.lnk
[2012.07.29 11:03:05 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-798133272-3179726713-1750540518-1000Core.job
[2012.07.12 14:46:25 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.02 23:18:55 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.08.02 23:18:24 | 024,595,840 | ---- | C] () -- C:\Users\Marius\Desktop\GridinSoft-Trojan-Killer-2.1.1.9--incl-Crack.rar
[2012.07.31 13:31:15 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 13:31:15 | 000,001,887 | ---- | C] () -- C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2011.10.29 19:17:11 | 000,000,034 | ---- | C] () -- C:\Windows\ACTIVITY.INI
[2011.06.24 15:05:35 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.24 15:03:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.09 16:46:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.05.05 17:18:31 | 001,089,536 | ---- | C] () -- C:\Users\Marius\fbchathistory.dat
[2010.07.24 20:53:03 | 000,138,056 | ---- | C] () -- C:\Users\Marius\AppData\Roaming\PnkBstrK.sys
[2010.07.22 17:49:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2011.05.09 18:07:06 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\.minecraft
[2011.07.22 14:25:42 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DAEMON Tools Lite
[2012.01.28 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Doikhy
[2012.01.21 23:40:56 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Dozav
[2011.09.19 22:32:51 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\ICQ
[2011.05.09 15:35:37 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\ManyCam
[2010.12.01 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\OpenOffice.org
[2012.08.31 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Spotify
[2011.05.09 22:07:08 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Tunngle
[2011.07.17 16:59:21 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Vodafone
[2012.06.01 13:33:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
