Log Analysis and Evaluation: The next one with the GVU trojan... Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.09.2012, 10:28 | #1
The next one with the GVU trojan... Hello everyone, unfortunately it got me yesterday too. The GVU trojan locks up the computer as soon as an internet connection is active; with the internet disconnected I noticed that the Task Manager does not open. Thanks in advance for your efforts. Here are the two OTL files. OTL.txt Code:
OTL logfile created on: 9/4/2012 11:10:41 AM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Johannes\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.34% Memory free
5.93 Gb Paging File | 4.97 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.72 Gb Total Space | 107.29 Gb Free Space | 72.15% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 81.45 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
Drive F: | 15.06 Gb Total Space | 3.53 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
Computer Name: JOHANNES-LAPTOP | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Installationen\PhonoStar\phonostarTimer.exe () PRC - C:\Installationen\OpenOffice\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Installationen\OpenOffice\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Installationen\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Installationen\vpn-Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Installationen\CD_Burner\NMSAccessU.exe () PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) PRC - C:\Windows\System32\Rezip.exe () PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Installationen\PhonoStar\phonostarTimer.exe () MOD - C:\Installationen\PhonoStar\QtCore4.dll () MOD - C:\Installationen\PhonoStar\plugins\sqldrivers\qsqlite4.dll () MOD - C:\Installationen\PhonoStar\QtSql4.dll () MOD - C:\Installationen\PhonoStar\QtGui4.dll () MOD - C:\Installationen\OpenOffice\OpenOffice.org 3\program\libxml2.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll () MOD - 
C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Installationen\FileZilla\fzshellext.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Installationen\AntiVir\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Installationen\AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (CVPND) -- C:\Installationen\vpn-Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (NMSAccessU) -- C:\Installationen\CD_Burner\NMSAccessU.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (DgiVecp) -- C:\windows\system32\Drivers\DgiVecp.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (StarOpen) -- C:\windows\System32\drivers\StarOpen.sys () DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "YouTube" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Installationen\Firefox11\components [2012/08/31 10:28:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Installationen\Firefox11\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Installationen\Thunderbird\components [2010/12/11 17:29:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Installationen\Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Installationen\Firefox11\components [2012/08/31 10:28:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Installationen\Firefox11\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Installationen\Thunderbird\components [2010/12/11 17:29:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 
3.0.11\extensions\\Plugins: C:\Installationen\Thunderbird\plugins [2011/04/24 14:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions [2010/02/17 16:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/07/26 10:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions [2011/10/15 11:58:52 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\dplauncher@digitalpublishing.de [2012/06/22 12:59:37 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\info@djzig.com [2012/06/21 14:25:12 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\zigboom@hotmail.com [2011/04/25 18:35:23 | 000,004,140 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\csn4b5ew.default\searchplugins\youtube.xml [2011/10/29 18:05:02 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CSN4B5EW.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012/07/02 22:31:56 | 000,009,284 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CSN4B5EW.DEFAULT\EXTENSIONS\LINKLOCATIONBAR@GNT.DE.XPI O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - 
HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Logitech Download Assistant] C:\windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Installationen\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000..\Run: [Miranda Fusion] C:\Installationen\Miranda_Fusion_3\fusiontools\mfstart.exe (Miranda Fusion Team) O4 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000..\Run: [phonostarTimer] C:\Installationen\PhonoStar\phonostarTimer.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Installationen\OpenOffice\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab 
(Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E127B983-48FB-47F8-82C3-8AC8049917F9}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/04 11:02:07 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2012/08/15 13:36:04 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2012/08/15 13:36:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012/08/15 13:36:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012/08/15 13:36:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\url.dll [2012/08/15 13:36:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012/08/15 13:35:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012/08/15 13:35:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll [2012/08/09 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Johannes\v80 ========== Files - Modified Within 30 Days ========== [2012/09/04 10:55:09 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2012/09/04 10:24:17 | 000,015,012 | ---- | M] () -- C:\Users\Johannes\cc_20120904_102357.reg [2012/09/04 10:20:28 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/04 10:20:28 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/04 10:16:37 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/09/04 10:16:37 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/09/04 10:16:37 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/09/04 10:16:37 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/09/04 10:12:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/09/04 10:12:41 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012/09/03 19:52:24 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad [2012/09/01 14:50:57 | 000,001,893 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/08/31 11:41:21 | 000,297,418 | ---- | M] () -- C:\Users\Johannes\280_Führerstand3.jpg [2012/08/31 11:41:09 | 000,312,037 | ---- | M] () -- C:\Users\Johannes\280_Führerstand2.jpg [2012/08/16 13:08:14 | 000,429,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/08/10 21:11:22 | 000,006,656 | ---- 
| M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/08 15:05:54 | 000,170,953 | ---- | M] () -- C:\Users\Johannes\Zwischenablage01.jpg [2012/08/08 14:44:12 | 000,464,306 | ---- | M] () -- C:\Users\Johannes\280_Führerstand.jpg [2012/08/07 14:32:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012/08/07 14:32:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/09/04 10:24:09 | 000,015,012 | ---- | C] () -- C:\Users\Johannes\cc_20120904_102357.reg [2012/09/01 14:50:57 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad [2012/09/01 14:50:57 | 000,001,893 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/08/31 11:41:21 | 000,297,418 | ---- | C] () -- C:\Users\Johannes\280_Führerstand3.jpg [2012/08/31 11:41:09 | 000,312,037 | ---- | C] () -- C:\Users\Johannes\280_Führerstand2.jpg [2012/08/08 15:05:54 | 000,170,953 | ---- | C] () -- C:\Users\Johannes\Zwischenablage01.jpg [2012/08/08 14:44:12 | 000,464,306 | ---- | C] () -- C:\Users\Johannes\280_Führerstand.jpg [2012/06/07 11:01:30 | 000,037,665 | ---- | C] () -- C:\Users\Johannes\Verzeichnis_Zusatz.pdf [2011/07/21 17:27:32 | 000,001,547 | ---- | C] () -- C:\windows\wininit.ini [2011/07/21 17:27:01 | 000,069,632 | ---- | C] () -- C:\windows\RAUNINST.EXE [2011/05/22 13:04:07 | 3192,264,704 | ---- | C] () -- C:\Users\Johannes\de_windows_7_professional_x64_dvd.iso [2011/05/22 12:56:55 | 2463,242,240 | ---- | C] () -- C:\Users\Johannes\de_windows_7_professional_x86_dvd_x15-65812.iso [2011/01/16 14:21:25 | 000,032,433 | ---- | C] () -- C:\Users\Johannes\Franken.pdf [2010/09/13 11:11:16 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe [2010/09/13 11:10:28 | 000,026,624 | ---- | C] () -- C:\windows\System32\ssp4ml3.dll [2010/08/04 17:34:18 | 
000,006,656 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/18 16:06:58 | 000,000,642 | ---- | C] () -- C:\Users\Johannes\Eigene Musik.lnk [2010/02/18 15:30:32 | 000,000,642 | ---- | C] () -- C:\Users\Johannes\Eigene Fotos.lnk [2010/02/17 14:56:27 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2010/02/17 15:42:51 | 000,000,000 | -HSD | M] -- C:\Users\Johannes\AppData\Roaming\.# [2010/02/17 17:37:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Canneverbe Limited [2010/11/02 17:03:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CoCreate [2012/05/12 15:34:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dev-Cpp [2011/10/15 11:58:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\digital publishing [2012/07/03 17:52:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FileZilla [2010/03/20 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Foxit Software [2012/03/10 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0 [2011/10/26 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Miranda Fusion [2011/06/30 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mkvtoolnix [2010/02/18 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenOffice.org [2010/09/17 11:15:37 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\phonostar GmbH [2012/08/12 02:19:59 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\phonostar-Player [2010/02/17 16:39:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird [2012/05/12 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft [2012/08/07 16:27:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Youtube Downloader HD [2012/08/17 13:54:28 | 000,032,632 | ---- | M] () -- 
C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 9/4/2012 11:10:41 AM - Run 1 OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Johannes\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.34% Memory free 5.93 Gb Paging File | 4.97 Gb Available in Paging File | 83.93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 148.72 Gb Total Space | 107.29 Gb Free Space | 72.15% Space Free | Partition Type: NTFS Drive D: | 301.95 Gb Total Space | 81.45 Gb Free Space | 26.98% Space Free | Partition Type: NTFS Drive F: | 15.06 Gb Total Space | 3.53 Gb Free Space | 23.46% Space Free | Partition Type: NTFS Computer Name: JOHANNES-LAPTOP | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Installationen\Firefox11\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Installationen\vlc_Player\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Installationen\vlc_Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Installationen\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Installationen\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Installationen\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09AB10EE-BA37-4354-9811-ECE17ABC06FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0F316849-29FF-4DD3-9548-D53A40A1FCDA}" = lport=2869 | protocol=6 | dir=in | app=system | "{1E129319-1524-4A9D-A1D2-078270F6F7AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2A7887CE-13C0-4665-B049-C168ECBA4D34}" = lport=139 | protocol=6 | dir=in | app=system | "{4350C3D7-6918-4CC4-896F-685DFE74835D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4A6723CC-C46E-4316-9D99-AC3FA0106400}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B9A5E0B-0B04-4196-8C9B-33010C732803}" = lport=445 | 
protocol=6 | dir=in | app=system | "{5177CF10-FE8D-4DA4-B0C6-615DB361B330}" = rport=139 | protocol=6 | dir=out | app=system | "{56B5375F-7C3D-4F9B-847F-6FF0D3F6B59C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6BC1C2A3-672A-45FD-BDE9-32CDFBC8F276}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7107B8C4-A638-4D2A-A54A-AD57C87BDA6B}" = lport=138 | protocol=17 | dir=in | app=system | "{72360054-CDD0-42BE-AB05-B623150912EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{947FB2D0-6171-4CA2-A092-98E4A1912277}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{95B559CB-F083-4733-BB8D-13FE0D9F40B0}" = rport=10243 | protocol=6 | dir=out | app=system | "{9744F3E7-EE28-4BC8-9E36-DD9D87DBBCA1}" = rport=445 | protocol=6 | dir=out | app=system | "{9A12306F-4C66-4F3C-AD70-F093A0F9825D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9DA64B69-D911-436B-BA21-86EFB0DB6BE2}" = rport=138 | protocol=17 | dir=out | app=system | "{C9F412F5-00B6-4FE8-BCF3-2BAC53E93994}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E43415F6-4C0F-4039-862D-D8A0A42BF535}" = rport=137 | protocol=17 | dir=out | app=system | "{E6CD453A-0E9B-4B3C-9761-5F38DB0B15D7}" = lport=10243 | protocol=6 | dir=in | app=system | "{EE55BCB0-5FCD-4869-9D54-69BCA99C50DA}" = lport=137 | protocol=17 | dir=in | app=system | "{F03A5DDB-CFB8-4396-92C5-ABAEF3353BC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FD8CC95A-1C7F-4D19-980B-1895ADC59426}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027742A6-C173-4D09-BE70-86F0F04D101C}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion\miranda32.exe | "{11B0D436-F7EB-4D98-95A4-E3D18AA5B4EB}" = protocol=17 | dir=in | app=d:\spiele\anno2070\autopatcher.exe | "{1BDA39C1-6867-460F-B7C7-B884B4D9086F}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion\miranda32.exe | "{2A2FC34B-3425-4E39-AE4E-61D9863F514C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{2AE3209F-9AE6-451D-84B0-51FD1FAC2E2E}" = protocol=6 | dir=out | app=system | "{2E381290-3356-4CE6-9B53-4041F26DA701}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\fusiontools\updater.exe | "{36C7FCEC-31C5-4719-B975-6C4FD07EF42A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3D7AA914-DF55-4272-9ACF-281B74A996FB}" = protocol=17 | dir=in | app=d:\spiele\anno2070\initengine.exe | "{3DFD180D-A329-42E9-A573-23B5FAA63983}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{4071C946-296E-4C71-B544-1126818E34E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{47FFF8A0-B4F1-4E4A-A29A-DEA721D5CD5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{57011D5A-E8F7-4477-AFF7-D10E967AC24D}" = protocol=6 | dir=in | app=d:\spiele\anno2070\initengine.exe | "{58AAB87F-AAE5-4C53-AED1-767889F55C66}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{5DB87843-8B98-45C0-8F03-0F288D675F6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61484C19-34AF-4808-8E0A-5E92D03759E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{63C407E1-CABE-4A36-A93E-8CC4E030DD54}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe | "{6CF847E8-AD4E-4819-9E01-DDFA2015630B}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6E783A3C-8BFD-436A-A1EC-246223D1DB40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79B4B58E-5E3A-41DD-9618-D4AD5DE8BE4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8188E256-607B-4D54-ABBF-DDEAF8E7FCEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8AFEB3CB-9AC3-43B7-A2D8-963BD816A9E3}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\fusiontools\updater.exe | "{907266CF-3535-47F8-9C4D-00FE330F2BCE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{93C8A943-A065-4174-9937-31C4E810B900}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe | "{93FBBCBA-9DC0-4E62-90EA-4BFA3BDAA3FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9A115448-12B3-48E4-A62A-5D6F884D74CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9B530963-1B4F-4771-B1DF-A7907003E17A}" = protocol=6 | dir=in | app=d:\spiele\anno2070\anno5.exe | "{A14ECB7B-8C17-45EB-92D5-A23C02649DC6}" = protocol=58 | dir=in | app=system | "{C7FB6511-906B-4024-8E7A-8547A4B18C17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C816F42F-224C-4442-8A77-A8169B3D282D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CE65CCCE-057A-4AF4-BBFD-F9EE3AC52F82}" = protocol=6 | dir=in | app=d:\spiele\anno2070\autopatcher.exe | "{DB49AC84-7FC1-47B8-823E-670F2D10468D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F0F6F728-8C68-414D-B948-32B0A132105F}" = dir=in | app=c:\installationen\skype\phone\skype.exe | "{F5A50DBA-B60B-46C2-BA24-FF00D39DBDB7}" = protocol=17 | dir=in | app=d:\spiele\anno2070\anno5.exe | "{FC588AE0-FCC2-4DE1-9D6D-41A131886217}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query 
User{78938E09-2209-4E79-A8AE-D7086E9746BF}C:\installationen\miranda\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda\miranda32.exe | "TCP Query User{82654CC4-ED18-4E25-919F-3873A29CC035}C:\installationen\miranda_fusion_3\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe | "TCP Query User{84501DF9-4AE0-4EF1-AF40-FBA9DD3F1144}C:\installationen\miranda_3\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda_3\miranda32.exe | "TCP Query User{91E28D41-A032-45DF-8F5E-F0083ECB49DA}C:\installationen\phonostar\phonostar.exe" = protocol=6 | dir=in | app=c:\installationen\phonostar\phonostar.exe | "TCP Query User{B8E5A64F-C425-47B9-8CFD-551EC2F1422C}C:\installationen\vlc_player\vlc.exe" = protocol=6 | dir=in | app=c:\installationen\vlc_player\vlc.exe | "TCP Query User{E92090C5-3ED8-483E-AE00-FE41F33F47B8}C:\installationen\phonostar2plus\ps_olect.exe" = protocol=6 | dir=in | app=c:\installationen\phonostar2plus\ps_olect.exe | "UDP Query User{35C1D8D6-769E-4649-B280-28A292406CAF}C:\installationen\vlc_player\vlc.exe" = protocol=17 | dir=in | app=c:\installationen\vlc_player\vlc.exe | "UDP Query User{3A3D81FA-0602-4E12-A4E8-19D282CBBBFC}C:\installationen\phonostar2plus\ps_olect.exe" = protocol=17 | dir=in | app=c:\installationen\phonostar2plus\ps_olect.exe | "UDP Query User{993D530C-A1B1-4E61-B23F-5135C3769161}C:\installationen\phonostar\phonostar.exe" = protocol=17 | dir=in | app=c:\installationen\phonostar\phonostar.exe | "UDP Query User{A613417B-6F51-41B4-AE71-F8523AEB147C}C:\installationen\miranda_3\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda_3\miranda32.exe | "UDP Query User{CD258015-BE36-4136-8325-0AAA777285B2}C:\installationen\miranda\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda\miranda32.exe | "UDP Query User{DB521903-12D6-40A8-92F1-249A4887AC1E}C:\installationen\miranda_fusion_3\miranda32.exe" = protocol=17 | dir=in | 
app=c:\installationen\miranda_fusion_3\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian "{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English "{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai "{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French 
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek "{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager "{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light "{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB 
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish "{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager "{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding "{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch "{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New "{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian "{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish "{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German 
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CCleaner" = CCleaner "FileZilla Client" = FileZilla Client 3.2.7.1 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IrfanView" = IrfanView (remove only) "LSI Soft Modem" = LSI HDA Modem "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MirandaFusion" = Miranda Fusion 3.1.15.1 "MKVtoolnix" = MKVtoolnix 4.8.0 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1) "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8 "phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2 "Red Alert" = Red Alert Windows 95 "Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.4 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "www.zusi.de/zusi3/demo_is1" = Zusi 3.0.2 (Beta-Demo) "Youtube Downloader 
HD_is1" = Youtube Downloader HD v. 2.9.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11) "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/15/2012 6:48:10 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/11/2012 3:45:43 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/11/2012 3:46:16 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/11/2012 3:47:49 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/11/2012 3:47:50 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/19/2012 4:51:34 AM | Computer Name = Johannes-Laptop | Source = Application Hang | ID = 1002 Description = Programm winamp.exe, Version 5.5.7.2830 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 620 Startzeit: 01cd7de7be0c0733 Endzeit: 24 Anwendungspfad: C:\Installationen\Winamp\winamp.exe Berichts-ID: 110c62de-e9db-11e1-ae1e-0024541e0db8 Error - 8/19/2012 6:35:17 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/19/2012 6:35:45 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/19/2012 6:37:07 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 8/19/2012 6:37:08 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
[ System Events ] Error - 9/4/2012 4:13:49 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 9/4/2012 4:13:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 9/4/2012 4:13:51 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 9/4/2012 4:13:52 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 9/4/2012 4:13:52 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 9/4/2012 4:13:53 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 9/4/2012 5:08:49 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 9/4/2012 5:08:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 9/4/2012 5:08:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 9/4/2012 5:08:51 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. < End of report > |
04.09.2012, 11:36 | #2
/// Malware-holic
hi
This script, and any scripts that may follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012/09/01 14:50:57 | 000,001,893 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/09/03 19:52:24 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.
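The fix script above removes a typical lockscreen-trojan persistence pattern: a shortcut in the user's Startup folder named after a Windows component (ctfmon.lnk) whose real target is a payload dropped under AppData\Local\Temp or ProgramData. As an added defender-side example, not code from the thread or from OTL, the following PowerShell audit flags Startup shortcuts that match that pattern; the function name and the set of flagged locations are my assumptions.

```powershell
# Added example, not from the thread or from OTL: audit the Startup folders for shortcuts
# that resolve into user-writable temp locations or impersonate a System32 binary.
# Assumptions: function name and flagged roots are mine; WScript.Shell COM is present
# (standard on Windows); runs on PowerShell 2.0 and later.

function Get-SuspiciousStartupShortcut {
    param(
        # Folders to audit: per-user and all-users Startup folders by default.
        [string[]]$StartupFolder = @(
            [Environment]::GetFolderPath('Startup'),
            [Environment]::GetFolderPath('CommonStartup')
        ),
        # Locations from which a legitimate autostart entry should not run.
        [string[]]$SuspiciousRoot = @(
            (Join-Path $env:LOCALAPPDATA 'Temp'),
            $env:ProgramData
        )
    )

    $shell  = New-Object -ComObject WScript.Shell
    $system = Join-Path $env:SystemRoot 'System32'

    foreach ($folder in $StartupFolder) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        $links = Get-ChildItem -LiteralPath $folder -Filter '*.lnk' |
                 Where-Object { -not $_.PSIsContainer }

        foreach ($link in $links) {
            # WScript.Shell reads the .lnk metadata without launching its target.
            $lnk     = $shell.CreateShortcut($link.FullName)
            $target  = [string]$lnk.TargetPath
            $reasons = @()

            # 1) Target resolved into Temp or ProgramData (where roper0dun.exe and
            #    nud0repor.pad were found in this thread).
            foreach ($root in $SuspiciousRoot) {
                if ($root -and $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $reasons += "target under $root"
                }
            }

            # 2) Shortcut named like a System32 binary but pointing elsewhere: ctfmon.exe
            #    is the legitimate text-services loader whose name the dropper borrowed.
            $base  = [IO.Path]::GetFileNameWithoutExtension($link.Name)
            $legit = Join-Path $system ($base + '.exe')
            if ((Test-Path -LiteralPath $legit) -and
                -not $target.StartsWith($system, [StringComparison]::OrdinalIgnoreCase)) {
                $reasons += "name impersonates $legit"
            }

            # 3) Dangling target: payload already quarantined, autostart hook still present.
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                $reasons += 'target file missing'
            }

            if ($reasons.Count -gt 0) {
                New-Object PSObject -Property @{
                    Shortcut  = $link.FullName
                    Target    = $target
                    Arguments = [string]$lnk.Arguments
                    Modified  = $link.LastWriteTime
                    Reason    = ($reasons -join '; ')
                }
            }
        }
    }
}

# Review findings before acting; move suspect files into a quarantine folder rather than
# deleting them (OTL moved them into C:\_OTL) so the sample can still be examined.
Get-SuspiciousStartupShortcut |
    Select-Object Shortcut, Target, Arguments, Modified, Reason |
    Format-List
```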
04.09.2012, 16:43 | #3
Done. It's really amazing how quickly you get help here.
After the restart, the following two windows remain (see screenshot). Here are the contents of the text document.
Code:
All processes killed
========== OTL ==========
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Johannes
->Flash cache emptied: 7431 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Johannes
->Temp folder emptied: 4079278 bytes
->Temporary Internet Files folder emptied: 262664592 bytes
->Java cache emptied: 2300365 bytes
->FireFox cache emptied: 1142649828 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1393427 bytes
RecycleBin emptied: 10261740758 bytes

Total Files Cleaned = 11,134.00 mb

OTL by OldTimer - Version 3.2.60.0 log created on 09042012_173132

Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\Temp\REGD1CF.tmp moved successfully.
C:\Users\Johannes\AppData\Local\Temp\roper0dun.exe moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

What is the next step?
06.09.2012, 16:42 | #4
/// Malware-holic
Sorry, I wasn't quite fit health-wise and then had to catch up on everything first :-)
Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: if you get the following error message after the restart
Quote:
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us
07.09.2012, 09:09 | #5
Et voilà.
Code:
ComboFix 12-09-06.04 - Johannes 07.09.2012 9:55.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.1678 [GMT 2:00]
ausgeführt von:: c:\users\Johannes\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Johannes\AppData\Roaming\.#
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-07 bis 2012-09-07 ))))))))))))))))))))))))))))))
.
.
2012-09-07 08:01 . 2012-09-07 08:01 -------- d-----w- c:\users\Johannes\AppData\Local\temp
2012-09-07 08:01 . 2012-09-07 08:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 07:52 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B304551D-6722-4E7F-A079-22EE02E63542}\mpengine.dll
2012-09-06 09:10 . 2012-09-06 09:10 -------- d-----w- c:\program files\Common Files\Java
2012-09-06 09:10 . 2012-09-06 09:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 14:32 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-05 14:31 . 2012-09-05 14:31 -------- d-----w- c:\program files\Common Files\Skype
2012-09-05 12:59 . 2012-09-05 12:59 -------- d-----w- c:\users\Johannes\AppData\Roaming\Malwarebytes
2012-09-05 12:59 . 2012-09-05 12:59 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 11:35 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 11:35 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 11:35 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 11:35 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-09 13:41 . 2012-08-09 13:46 -------- d-----w- c:\users\Johannes\v80
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 10:10 . 2012-06-30 14:50 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-06 10:10 . 2011-12-05 15:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-06 09:10 . 2012-06-26 07:36 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-06 09:10 . 2010-06-09 08:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phonostarTimer"="c:\installationen\PhonoStar\phonostarTimer.exe" [2010-08-25 40960]
"Miranda Fusion"="c:\installationen\Miranda_Fusion_3\fusiontools\mfstart.exe" [2012-06-12 1122241]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WinampAgent"="c:\installationen\Winamp\winampa.exe" [2010-01-12 37888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"avgnt"="c:\installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\installationen\OpenOffice\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-10-21 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\installationen\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\installationen\AntiVir\Avira\AntiVir Desktop\sched.exe [x]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 10:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\csn4b5ew.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-07 10:02:55
ComboFix-quarantined-files.txt 2012-09-07 08:02
.
Vor Suchlauf: 7 Verzeichnis(se), 118.104.035.328 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 117.780.721.664 Bytes frei
.
- - End Of File - - BD5BAB1F7BE73665332575DB6817A438
07.09.2012, 13:59 | #6
/// Malware-holic
Open the Malwarebytes reports and post all logs with detections.
08.09.2012, 09:31 | #7
Also done.
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.05.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Johannes :: JOHANNES-LAPTOP [Administrator]

08.09.2012 10:02:15
mbam-log-2012-09-08 (10-02-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 312130
Laufzeit: 1 Stunde(n), 2 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\Johannes\Downloads\TS\VT_DB103_betaE03.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\Downloads\TS\VT_DB103_Pack_ORa.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\Downloads\TS\VT_DB_E03pack1.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\Downloads\TS\ZSR_Bh.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09042012_173132\C_Users\Johannes\AppData\Local\Temp\roper0dun.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\Anno2070\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
08.09.2012, 11:56 | #8
/// Malware-holic
Download the CCleaner standard edition: CCleaner Download - CCleaner 3.22.1800. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After every program you need, write "notwendig" (needed); after every program you don't need, "unnötig" (unnecessary); after those unknown to you, "unbekannt" (unknown). Post the list.
09.09.2012, 09:59 | #9
These things from Oberon Media, are they the standard Windows games? Microsoft Office, SQL Server, and Visual C++ were probably on it from the factory...
Code:
7-Zip 4.65 05.03.2010 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 05.09.2012 6,00MB 11.4.402.265 notwendig
Adobe Flash Player ActiveX Adobe Systems Incorporated 06.10.2009 9.0.124.0 notwendig
Alice Greenfingers Oberon Media 16.02.2010 unbekannt
Atheros Client Installation Program Atheros 26.02.2010 1.0.1.0805 unbekannt
ATI Catalyst Install Manager ATI Technologies, Inc. 06.10.2009 13,8MB 3.0.741.0 notwendig
Avira Free Antivirus Avira 07.08.2012 104,5MB 12.0.0.1167 notwendig
BatteryLifeExtender Samsung 06.10.2009 14,6MB 1.0.1 notwendig
Business Contact Manager für Outlook 2007 SP2 Microsoft Corporation 18.05.2012 3.0.8619.1 unbekannt
CCleaner Piriform 16.09.2010 2.35 notwendig
CDBurnerXP CDBurnerXP 16.02.2010 11,8MB 4.2.7.1893 notwendig
ChargeableUSB SAMSUNG 06.10.2009 1.0.0.0 notwendig
Cisco Systems VPN Client 5.0.06.0160 Cisco Systems, Inc. 20.10.2010 12,3MB 5.0.6 notwendig
CyberLink YouCam CyberLink Corp. 16.02.2010 78,0MB 2.0.2907 notwendig
Dairy Dash Oberon Media 16.02.2010 unbekannt
Easy Display Manager Samsung Electronics Co., Ltd. 06.10.2009 3.0 notwendig
Easy Network Manager Samsung 06.10.2009 19,1MB 4.2.4 notwendig
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 06.10.2009 3.0.0.4 notwendig
EasyBatteryManager Samsung 06.10.2009 4.0.0.2 notwendig
Farm Frenzy 2 Oberon Media 16.02.2010 unbekannt
FileZilla Client 3.2.7.1 07.03.2012 3.2.7.1 notwendig
Foxit Reader Foxit Corporation 06.09.2012 36,6MB 5.4.2.901 notwendig
Go-Go Gourmet Oberon Media 16.02.2010 unbekannt
Intel® Matrix Storage Manager Intel Corporation 06.10.2009 unbekannt
IrfanView (remove only) 17.02.2010 notwendig
Java 7 Update 7 Oracle 05.09.2012 128,3MB 7.0.70 notwendig
Java(TM) 6 Update 31 Oracle 25.02.2012 95,1MB 6.0.310 notwendig
JavaFX 2.1.1 Oracle Corporation 25.06.2012 20,9MB 2.1.1 notwendig
Marvell Miniport Driver Marvell 06.10.2009 10.70.3.3 unbekannt
Microsoft Office 2003 Web Components Microsoft Corporation 14.08.2012 71,0MB 11.0.8003.0 unbekannt
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 16.02.2010 7,19MB 12.0.4518.1014 unbekannt
Microsoft Office Live Add-in 1.3 Microsoft Corporation 16.02.2010 0,48MB 2.0.2313.0 unbekannt
Microsoft Office Outlook Connector Microsoft Corporation 16.02.2010 6,13MB 12.0.6423.1000 unbekannt
Microsoft Office Small Business Connectivity Components Microsoft Corporation 16.02.2010 0,16MB 2.0.7024.0 unbekannt
Microsoft Silverlight Microsoft Corporation 05.09.2012 56,8MB 5.1.10411.0 notwendig
Microsoft SQL Server 2005 Microsoft Corporation 18.05.2012 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 16.02.2010 1,72MB 3.1.0000 unbekannt
Microsoft SQL Server Native Client Microsoft Corporation 18.05.2012 2,63MB 9.00.5000.00 unbekannt
Microsoft SQL Server VSS Writer Microsoft Corporation 18.05.2012 0,68MB 9.00.5000.00 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.05.2012 0,29MB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.02.2010 0,58MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.04.2010 0,58MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.05.2012 0,59MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.05.2012 12,3MB 10.0.40219 unbekannt
Miranda Fusion 3.1.15.1 Miranda Fusion Team 11.06.2012 27,5MB 3.1.15.1 notwendig
MKVtoolnix 4.8.0 Moritz Bunkus 29.06.2011 4.8.0 notwendig
Mozilla Firefox 11.0 (x86 de) Mozilla 17.03.2012 35,8MB 11.0 unnötig
Mozilla Firefox 15.0.1 (x86 de) Mozilla 06.09.2012 38,5MB 15.0.1 notwendig
Mozilla Thunderbird (3.0.1) Mozilla 16.02.2010 3.0.1 (de) unnötig
Mozilla Thunderbird (3.0.11) Mozilla 10.12.2010 3.0.11 (de) notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.09.2010 35,00KB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 13.09.2010 1,33MB 4.20.9876.0 unbekannt
OpenOffice.org 3.2 OpenOffice.org 17.02.2010 369,5MB 3.2.9483 notwendig
phonostar-Player Version 2.01.2 28.01.2012 notwendig
phonostar-Player Version 3.01.8 16.09.2010 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.02.2010 6.0.1.5948 notwendig
REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 06.10.2009 1.01.0088 notwendig
Samsung Recovery Solution 4 Samsung 06.10.2009 4.0.0.3 notwendig
Samsung Support Center Samsung 06.10.2009 40,8MB 1.0.1 notwendig
Samsung Update Plus Samsung Electronics Co., Ltd. 06.10.2009 2.0 notwendig
Skype™ 5.10 Skype Technologies S.A. 04.09.2012 19,4MB 5.10.116 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 27.02.2010 14.0.10.0 unbekannt
Ubisoft Game Launcher UBISOFT 01.03.2012 1.0.0.0 unbekannt
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 18.05.2012 30,6MB 9.00.5000.00 unbekannt
User Guide 06.10.2009 1.0 notwendig
VLC media player 1.1.4 VideoLAN 03.11.2010 1.1.4 notwendig
Wartung Samsung ML-191x 252x Series Samsung Electronics CO.,LTD 12.09.2010 notwendig
Winamp Nullsoft, Inc 25.05.2010 5.572 notwendig
Winamp Anwendungserkennung Nullsoft, Inc 25.05.2010 0,12MB 1.0.0.1 notwendig
Windows Live Essentials Microsoft Corporation 16.02.2010 14.0.8089.0726 unbekannt
Windows Live Sync Microsoft Corporation 16.02.2010 2,79MB 14.0.8089.726 unbekannt
Windows Live-Uploadtool Microsoft Corporation 16.02.2010 0,22MB 14.0.8014.1029 unbekannt
Youtube Downloader HD v. 2.9.2 YoutubeDownloaderHD.com 27.03.2012 5,23MB notwendig
Zusi 3.0.2 (Beta-Demo) Carsten Hölscher 05.11.2011 197,8MB 3 notwendig
11.09.2012, 14:42 | #10
/// Malware-holic
Please edit that so the labels don't stick to the program versions; it's hard to read like this :-)