Log analysis and evaluation: GVU Trojaner - Austrian version caught (Windows 7)
09.09.2012, 19:35 | #1
GVU Trojaner - Austrian version caught

Hi, my girlfriend caught the GVU Trojaner today (Austrian version). Here are the OTL logs:

OTL.txt Code:
OTL logfile created on: 09.09.2012 20:22:02 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\admin_new\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1014,12 Mb Total Physical Memory | 367,48 Mb Available Physical Memory | 36,24% Memory free
1,99 Gb Paging File | 1,03 Gb Available in Paging File | 51,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,18 Gb Total Space | 13,06 Gb Free Space | 14,81% Space Free | Partition Type: NTFS

Computer Name: INTAN-PC | User Name: admin_new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe
PRC - [2012.07.26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.03.22 16:13:16 | 000,086,016 | ---- | M] (alch) -- C:\Programme\ClamWin\bin\ClamTray.exe
PRC - [2011.10.11 11:43:27 | 001,700,784 | ---- | M] (iMesh, Inc) -- C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
PRC - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
MOD - [2012.08.30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012.08.30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012.08.30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
MOD - [2008.04.19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Programme\ClamWin\bin\ExpShell.dll
MOD - [2005.02.08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Programme\ClamWin\bin\python23.dll
MOD - [2004.11.20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Programme\ClamWin\lib\shell.pyd
MOD - [2004.11.20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Programme\ClamWin\lib\win32gui.pyd
MOD - [2004.11.20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Programme\ClamWin\lib\win32file.pyd
MOD - [2004.11.20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Programme\ClamWin\lib\win32api.pyd
MOD - [2004.11.20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Programme\ClamWin\lib\win32security.pyd
MOD - [2004.11.20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\win32process.pyd
MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32pipe.pyd
MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32event.pyd
MOD - [2004.10.11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Programme\ClamWin\lib\pythoncom23.dll
MOD - [2004.10.11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Programme\ClamWin\lib\pywintypes23.dll
MOD - [2004.05.25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\_winreg.pyd
MOD - [2004.05.25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Programme\ClamWin\lib\datetime.pyd
MOD - [2004.05.25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Programme\ClamWin\lib\_ssl.pyd
MOD - [2004.05.25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Programme\ClamWin\lib\_sre.pyd
MOD - [2004.05.25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Programme\ClamWin\lib\_socket.pyd
MOD - [2004.05.25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Programme\ClamWin\lib\_bsddb.pyd
MOD - [2004.01.15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\_ctypes.pyd
MOD - [2003.10.01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Programme\ClamWin\lib\wxc.pyd
MOD - [2003.10.01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Programme\ClamWin\lib\wxmsw24h.dll
MOD - [2003.08.10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\mxDateTime.pyd

========== Services (SafeList) ==========

SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.11.08 23:30:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2010.11.21 16:04:35 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.11.21 16:04:35 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.02.16 11:55:16 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.02.16 11:55:12 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_deAT433
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\intan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C95914-444D-4E31-890D-44E5A30FD570}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D501AC8D-78A1-400B-820A-E2A340D41B84}: NameServer = 213.94.78.17 213.94.78.16
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.09 20:14:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe
[2012.09.09 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.09 20:09:45 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.09.09 20:09:45 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.09.09 20:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.09.09 20:06:53 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Macromedia
[2012.09.09 20:06:34 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.09.09 20:06:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.09.09 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Adobe
[2012.09.09 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Google
[2012.09.09 20:03:48 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Google
[2012.09.09 20:01:46 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\.clamwin
[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Searches
[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.09.09 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Identities
[2012.09.09 20:01:20 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Contacts
[2012.09.09 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\VirtualStore
[2012.09.09 20:01:13 | 000,000,000 | --SD | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Videos
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Saved Games
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Pictures
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Music
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Links
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Favorites
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Downloads
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Documents
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop
[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Vorlagen
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Verlauf
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Temporary Internet Files
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Startmenü
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\SendTo
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Recent
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Netzwerkumgebung
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Lokale Einstellungen
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Videos
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Musik
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Eigene Dateien
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Bilder
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Druckumgebung
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Cookies
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Anwendungsdaten
[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Anwendungsdaten
[2012.09.09 20:01:13 | 000,000,000 | -H-D | C] -- C:\Users\admin_new\AppData
[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Temp
[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft Help
[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft
[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2012.09.09 20:20:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 20:20:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 20:19:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.09 20:16:13 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job
[2012.09.09 20:16:09 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job
[2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe
[2012.09.09 20:11:39 | 000,002,380 | ---- | M] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk
[2012.09.09 20:09:17 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.09 20:09:17 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.09 20:09:17 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.09 20:09:17 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.09 20:01:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.09 20:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.09 20:00:54 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2012.09.09 20:11:39 | 000,002,380 | ---- | C] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk
[2012.09.09 20:09:08 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job
[2012.09.09 20:08:55 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job
[2012.09.09 20:01:35 | 000,001,413 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2010.11.18 10:10:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

========== LOP Check ==========

[2012.05.05 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\3DataManager
[2011.01.09 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\AUTOSICH
[2012.09.09 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\BitTorrent
[2012.05.05 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\fifa
[2012.05.01 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\jggwhyzbjyxzzl
[2011.10.27 13:33:41 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\MusicNet
[2012.05.02 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\ryxjsxxujtoya
[2012.04.13 18:58:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 09.09.2012 20:22:02 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\admin_new\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1014,12 Mb Total Physical Memory | 367,48 Mb Available Physical Memory | 36,24% Memory free
1,99 Gb Paging File | 1,03 Gb Available in Paging File | 51,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,18 Gb Total Space | 13,06 Gb Free Space | 14,81% Space Free | Partition Type: NTFS

Computer Name: INTAN-PC | User Name: admin_new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB25D0B-5214-4DA5-A923-5954FBDFCFDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295325D3-B8E4-4AC8-AFF5-75D9B5C8A308}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{308DE554-B30C-435E-BDA4-7689678F115B}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A0697C0-9497-4106-A2A2-4BA184901DA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{594A0524-0141-402B-AF13-A717E2D8B483}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6C559D6F-29A0-4964-9252-FD7EB7F71BEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7682232A-066C-4AAB-B60B-CBBFFB4ADFF8}" = rport=139 | protocol=6 | dir=out | app=system |
"{79EB7DFB-D221-4E8C-8F8C-BC5A3429B3D9}" = lport=138 | protocol=17 | dir=in | app=system |
"{8222189C-F67C-4B58-9249-7254E0F234DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89373BCB-68BE-481A-B26A-4F9C2FCF860C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99E0AD96-3175-42AE-83BB-33E46957E834}" = lport=445 | protocol=6 | dir=in | app=system |
"{A9B6476F-D8D1-41EC-B4E7-E662F93F57A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC4EC281-7679-49A3-8052-98AFC73748AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{C514419D-94C6-4332-8D86-037B952CE38A}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3C35FE7-3E2B-4FFD-89C4-F93D01DC2C85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D44B8122-B079-4019-B4BC-C341A29C531F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5F742B1-1097-4CD0-8162-E99E144F85FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{EFB1D7A0-522E-43C5-BF91-E9F08B92490B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4041AB0-F5B3-407C-8725-121CE57F076A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7C61AF3-3DC8-4E86-85B9-B5223BAEDECD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FB326887-711E-489F-BDAC-9808A57ADE1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE10CF7F-175E-4EB4-9A52-1D18C97AB9BC}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023B2DD2-18ED-4D70-BB9C-7AE971B3CFE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09E5A8A8-DF95-4264-85CF-621C444BA42A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0C024F1B-03EE-48C5-B64D-B7D86498D07A}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{0EA2F762-4B0D-4A6A-BDC1-556963453C18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2504F4EB-2402-4C9F-BF69-F4F32CF493AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A38EC1B-E004-4871-BC7A-4596A72811ED}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{3A9EF295-D73F-4774-8E23-A25E24C794D5}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{3BF0B568-D8DE-48F7-9405-ACAF72CAFE7B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{406EAEB8-00F3-4AD9-A75B-F4721AE646B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AAF40E3-0190-4ABA-98E2-AA3706D514D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DF16B35-F394-4294-AB51-D84C3EF7195F}" = protocol=6 | dir=out | app=system |
"{6C6158BF-C6FD-4C6F-B7BB-77487AF259CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F293C4F-DD2D-471B-923B-405FDA15EB47}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{78C8BF52-C28C-4432-8912-B0B13D6565EE}" = protocol=17 | dir=in | app=c:\program files\microsoft 
office\office12\onenote.exe | "{83B74C1F-421A-4FB5-AC69-163229621FE1}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{84C28921-CD32-4DB8-8251-1E937389E31A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{95F90B5A-73E5-4DDF-ACBB-632D46AA1420}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A68CE2F9-35F5-4414-A723-964AB9388729}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD82CE63-542C-48C1-AFA8-006D5C01C2B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C307D11F-0148-4983-AE72-17B83342DE6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D24334F5-F7B0-42C3-B8F4-E9BC840FC7D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D75818FD-9D3C-449E-B55E-6EF93BC4E5AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F7727796-A549-4EB2-89F6-1003B0A92105}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{F9DF0070-255B-46F6-9C4C-EECC142550EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA0136EE-8DA2-41F1-92AB-EF2592347847}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{FD5B92A8-203F-47EB-AEE3-D92EFD527CE6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{9AE6EF02-1226-4891-A202-1BF55B603750}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "UDP Query User{5C7D3225-8288-47B0-9D38-18DB0B6A9114}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft 
Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 
Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "3DataManager" = 3DataManager "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BitTorrent" = BitTorrent "BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar "CCleaner" = CCleaner "ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.4 "conduitEngine" = Conduit Engine "ENTERPRISE" = Microsoft Office Enterprise 2007 "HDMI" = Intel(R) Graphics Media Accelerator Driver "iMesh" = iMesh "iMesh 1 MediaBar" = MediaBar "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "SearchCore for Browsers" = SearchCore for Browsers "vShare" = vShare Plugin ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.04.2012 06:15:32 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f9c Startzeit: 01cd213965438124 Endzeit: 780 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 3f6c3d51-8d2d-11e1-b5dc-0016d44d1c31 Error - 23.04.2012 06:15:42 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d64 Startzeit: 01cd21359d5bfe7c Endzeit: 110 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 23.04.2012 06:49:53 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cf8 Startzeit: 01cd213d30747f2d Endzeit: 187 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 0c38892e-8d32-11e1-b5dc-0016d44d1c31 Error - 23.04.2012 13:45:06 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: df0 Startzeit: 01cd2177a8846032 Endzeit: 234 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 0a247dde-8d6c-11e1-bf97-0016d44d1c31 Error - 26.04.2012 08:06:46 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d5c Startzeit: 01cd23a4e3671c8f Endzeit: 390 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 486bb23f-8f98-11e1-b4d5-0016d44d1c31 Error - 26.04.2012 08:41:15 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5a4 Startzeit: 01cd23a8fad1d4fb Endzeit: 327 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 1a32005a-8f9d-11e1-b4d5-0016d44d1c31 Error - 27.04.2012 11:49:34 | Computer Name = intan-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722, Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00028ab2 ID des fehlerhaften Prozesses: 0xf08 Startzeit der fehlerhaften Anwendung: 0x01cd2488b0c2e3c5 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 957a820c-9080-11e1-815c-0016d44d1c31 Error - 27.04.2012 13:15:01 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 474 Startzeit: 01cd2488ac1f151c Endzeit: 1279 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 7916045f-908c-11e1-815c-0016d44d1c31 Error - 05.05.2012 04:32:24 | Computer Name = intan-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f54 Startzeit: 01cd2a98c6ab6e40 Endzeit: 63 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: d3e0f663-968c-11e1-8a7d-0016d44d1c31 Error - 09.09.2012 14:17:18 | Computer Name = intan-PC | Source = Windows Activation Technologies | ID = 14 Description = Fehler bei der Echtheitsprüfung: hr = 0x800706BA [ System Events ] Error - 09.09.2012 13:57:56 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:57:57 | Computer Name = intan-PC | Source = DCOM | ID = 10005 Description = Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:58:33 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.09.2012 13:58:44 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > I hope you can help me. Regards |
09.09.2012, 21:31 | #2 |
/// Helper Team | GVU Trojan - Austrian version caught

Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.

After that:

Step 2: Please download AdwCleaner to your Desktop.
__________________ |
10.09.2012, 20:29 | #3 |
| GVU Trojan - Austrian version caught

hi

The scan found 7 objects, which were deleted or quarantined. Here is the AdwCleaner search log: Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/10/2012 um 10:08:12 erstellt # Aktualisiert am 09/09/2012 von Xplode # Betriebssystem : Windows 7 Ultimate (32 bits) # Benutzer : admin_new - INTAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : Application Updater ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\Application Updater Ordner Gefunden : C:\Program Files\Common Files\spigot Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\ConduitEngine Ordner Gefunden : C:\Program Files\pdfforge Toolbar Ordner Gefunden : C:\Program Files\vShare Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\BittorrentBar_DE Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\ConduitEngine Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\imeshbandmltbpi Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\mediabarim Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\pdfforge Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\Search Settings Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\vShare Ordner Gefunden : C:\Users\intan\AppData\LocalLow\BittorrentBar_DE Ordner Gefunden : C:\Users\intan\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\intan\AppData\LocalLow\ConduitEngine Ordner Gefunden : C:\Users\intan\AppData\LocalLow\imeshbandmltbpi Ordner Gefunden : C:\Users\intan\AppData\LocalLow\mediabarim Ordner Gefunden : C:\Users\intan\AppData\LocalLow\pdfforge Ordner Gefunden : C:\Users\intan\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\intan\AppData\LocalLow\Search Settings Ordner Gefunden : C:\Users\intan\AppData\LocalLow\vShare ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\BittorrentBar_DE Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : 
HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Schlüssel Gefunden : HKCU\Software\pdfforge Schlüssel Gefunden : HKCU\Software\Search Settings Schlüssel Gefunden : HKLM\Software\BittorrentBar_DE Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1} Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BAD33D7-EAB8-4A10-8041-AFF5F6C04919}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E37ADDCB-6C65-4576-A4C2-5B33BCB86A66}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Schlüssel Gefunden : HKLM\Software\pdfforge
Schlüssel Gefunden : HKLM\Software\Search Settings
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [13749 octets] - [09/09/2012 22:39:23]
AdwCleaner[R2].txt - [13810 octets] - [09/09/2012 22:41:33]
AdwCleaner[R3].txt - [13740 octets] - [10/09/2012 10:08:12]

########## EOF - C:\AdwCleaner[R3].txt - [13801 octets] ##########

Should I also run the deletion? Regards |
11.09.2012, 00:51 | #4 |
/// Helper team | Please post the Malwarebytes log file! (Logs tab) |
11.09.2012, 19:24 | #5 |
| Here is the mbam log Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.09.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
admin_new :: INTAN-PC [Administrator]

Schutz: Aktiviert

10.09.2012 09:32:40
mbam-log-2012-09-10 (09-32-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263301
Laufzeit: 29 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\ProgramData\Windows\wsse.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Romano.Bin\9A0B33B1FB4.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\intan\AppData\Local\Temp\ms0cfg32.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\intan\AppData\Local\Temp\~!#EF6D.tmp (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\aaa0ea1-6ed80b82 (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\25298928-4b748da9 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\intan\Desktop\sname (Spyware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
12.09.2012, 08:16 | #6 |
/// Helper team | Custom scan with OTL. Please download OTL by OldTimer and save it to your desktop. If it is already present, replace the existing older file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
12.09.2012, 18:56 | #7 |
| Hi, here is the OTL log from the custom scan Code:
ATTFilter OTL logfile created on: 12.09.2012 19:24:52 - Run 2 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\admin_new\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1014,12 Mb Total Physical Memory | 355,48 Mb Available Physical Memory | 35,05% Memory free 1,99 Gb Paging File | 1,29 Gb Available in Paging File | 64,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,18 Gb Total Space | 12,08 Gb Free Space | 13,70% Space Free | Partition Type: NTFS Computer Name: INTAN-PC | User Name: admin_new | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe PRC - [2012.07.26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) 
-- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.22 16:13:16 | 000,086,016 | ---- | M] (alch) -- C:\Programme\ClamWin\bin\ClamTray.exe PRC - [2011.10.11 11:43:27 | 001,700,784 | ---- | M] (iMesh, Inc) -- C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe PRC - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe PRC - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe ========== Modules (No Company Name) ========== MOD - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe MOD - [2008.04.19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Programme\ClamWin\bin\ExpShell.dll MOD - [2005.02.08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Programme\ClamWin\bin\python23.dll MOD - [2004.11.20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Programme\ClamWin\lib\shell.pyd MOD - [2004.11.20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Programme\ClamWin\lib\win32gui.pyd MOD - [2004.11.20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Programme\ClamWin\lib\win32file.pyd MOD - [2004.11.20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Programme\ClamWin\lib\win32api.pyd MOD - [2004.11.20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Programme\ClamWin\lib\win32security.pyd MOD - [2004.11.20 
03:27:54 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\win32process.pyd MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32pipe.pyd MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32event.pyd MOD - [2004.10.11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Programme\ClamWin\lib\pythoncom23.dll MOD - [2004.10.11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Programme\ClamWin\lib\pywintypes23.dll MOD - [2004.05.25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\_winreg.pyd MOD - [2004.05.25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Programme\ClamWin\lib\datetime.pyd MOD - [2004.05.25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Programme\ClamWin\lib\_ssl.pyd MOD - [2004.05.25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Programme\ClamWin\lib\_sre.pyd MOD - [2004.05.25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Programme\ClamWin\lib\_socket.pyd MOD - [2004.05.25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Programme\ClamWin\lib\_bsddb.pyd MOD - [2004.01.15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\_ctypes.pyd MOD - [2003.10.01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Programme\ClamWin\lib\wxc.pyd MOD - [2003.10.01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Programme\ClamWin\lib\wxmsw24h.dll MOD - [2003.08.10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\mxDateTime.pyd ========== Services (SafeList) ========== SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) 
[Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.11.08 23:30:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.11.21 16:04:35 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.11.21 16:04:35 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.02.16 11:55:16 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006.02.16 11:55:12 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_deAT433 IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O2 - BHO: (Conduit 
Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers) O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\intan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C95914-444D-4E31-890D-44E5A30FD570}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D501AC8D-78A1-400B-820A-E2A340D41B84}: NameServer = 213.94.78.17 213.94.78.16 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} 
- Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: 
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.09 22:40:05 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop\mkhüo [2012.09.09 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Malwarebytes [2012.09.09 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.09 20:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.09 20:37:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.09 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.09 20:14:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe [2012.09.09 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.09.09 20:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012.09.09 20:06:53 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Macromedia [2012.09.09 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Adobe [2012.09.09 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Google [2012.09.09 20:03:48 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Google [2012.09.09 20:01:46 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\.clamwin [2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Searches [2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools [2012.09.09 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Identities [2012.09.09 20:01:20 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Contacts [2012.09.09 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\VirtualStore [2012.09.09 20:01:13 | 000,000,000 | --SD | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Videos [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Saved Games [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Pictures [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Music [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Links [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Favorites [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Downloads [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Documents [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop [2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Vorlagen [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Verlauf [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Temporary Internet Files [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Startmenü [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\SendTo [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Recent [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Netzwerkumgebung [2012.09.09 20:01:13 | 000,000,000 | 
-HSD | C] -- C:\Users\admin_new\Lokale Einstellungen [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Videos [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Musik [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Eigene Dateien [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Bilder [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Druckumgebung [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Cookies [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Anwendungsdaten [2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Anwendungsdaten [2012.09.09 20:01:13 | 000,000,000 | -H-D | C] -- C:\Users\admin_new\AppData [2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Temp [2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft Help [2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft [2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs ========== Files - Modified Within 30 Days ========== [2012.09.12 19:30:43 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.12 19:30:43 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.12 19:30:43 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.12 19:30:43 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.12 19:29:30 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.12 19:29:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.12 19:22:13 | 000,001,092 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.12 19:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.12 19:21:58 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2012.09.11 22:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.11 22:14:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job [2012.09.11 20:13:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job [2012.09.09 22:37:46 | 000,512,399 | ---- | M] () -- C:\Users\admin_new\Desktop\adwcleaner.exe [2012.09.09 20:37:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe [2012.09.09 20:11:39 | 000,002,380 | ---- | M] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012.09.09 22:38:01 | 000,512,399 | ---- | C] () -- C:\Users\admin_new\Desktop\adwcleaner.exe [2012.09.09 20:37:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 20:11:39 | 000,002,380 | ---- | C] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk [2012.09.09 20:09:08 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job [2012.09.09 20:08:55 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job [2012.09.09 20:01:35 | 000,001,413 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2010.11.18 10:10:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll ========== LOP Check ========== [2012.05.05 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\3DataManager 
[2011.01.09 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\AUTOSICH [2012.09.09 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\BitTorrent [2012.05.05 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\fifa [2012.05.01 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\jggwhyzbjyxzzl [2011.10.27 13:33:41 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\MusicNet [2012.05.02 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\ryxjsxxujtoya [2012.04.13 18:58:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.09.09 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\.clamwin [2012.09.09 20:05:16 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Adobe [2012.09.09 20:06:49 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Google [2012.09.09 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Identities [2012.09.09 20:06:53 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Macromedia [2012.09.09 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs [2012.09.09 20:05:09 | 000,000,000 | --SD | M] -- C:\Users\admin_new\AppData\Roaming\Microsoft < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < 
%systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* > [2012.09.09 20:01:32 | 000,000,174 | -HS- | M] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini < %APPDATA%\*AcroIEH*.* > < %APPDATA%\*.exe > < %APPDATA%\*.tmp > < > < End of report > |
14.09.2012, 16:36 | #8 |
/// Helfer-Team | GVU Trojan - Austrian version caught
Fix with OTL
Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).
Code:
ATTFilter
:OTL
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_deAT433
IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.09.09 20:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\intan\*.tmp
C:\Users\intan\AppData\Local\{*}
C:\Users\intan\AppData\Local\Temp\*.exe
C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can do lasting damage to other systems! |
15.09.2012, 15:36 | #9 |
| GVU Trojan - Austrian version caught
Here is the OTL log
Code:
ATTFilter All processes killed ========== OTL ========== Service Application Updater stopped successfully! Service Application Updater deleted successfully! C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully. C:\Programme\BittorrentBar_DE\tbBitt.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Registry value HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll moved successfully. HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found. 
File C:\Programme\BittorrentBar_DE\tbBitt.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Programme\ConduitEngine\ConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found. File C:\Programme\BittorrentBar_DE\tbBitt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully. C:\Programme\vShare\vshare_toolbar.dll moved successfully. 
Registry value HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found. File C:\Programme\BittorrentBar_DE\tbBitt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616} C:\Windows\Downloaded Program Files\DivXPlugin.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. C:\Program Files\Application Updater folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files\Common Files\Spigot folder moved successfully. C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully. C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar\IE\6.2 folder moved successfully. C:\Program Files\pdfforge Toolbar\IE folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\intan\*.tmp not found. File\Folder C:\Users\intan\AppData\Local\{*} not found. File\Folder C:\Users\intan\AppData\Local\Temp\*.exe not found. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. 
C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. 
C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. 
C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. 
C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\admin_new\Desktop\cmd.bat deleted successfully. C:\Users\admin_new\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: admin_new ->Temp folder emptied: 6320080 bytes ->Temporary Internet Files folder emptied: 5191603 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 7002149 bytes ->Flash cache emptied: 981 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: intan ->Temp folder emptied: 10235529 bytes ->Temporary Internet Files folder emptied: 170304159 bytes ->Flash cache emptied: 4103 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7144409 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 197,00 mb OTL by OldTimer - Version 3.2.61.3 log created on 09152012_162957 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
16.09.2012, 17:39 | #10 |
/// Helfer-Team | Very good!
Then: malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Update now".
Select the freeware mode.
Select "Detail Scan" and start the scan of the computer via the "Scan" button.
Do not let it delete anything at the end of the scan!
Save the logfile to the desktop via "Save report" and post it here in the thread.
Guide: http://www.trojaner-board.de/103809-...i-malware.html |
19.09.2012, 21:24 | #11 |
| adwcleaner log Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/16/2012 um 23:12:09 erstellt # Aktualisiert am 09/09/2012 von Xplode # Betriebssystem : Windows 7 Ultimate (32 bits) # Benutzer : admin_new - INTAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\BittorrentBar_DE Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\ConduitEngine Ordner Gelöscht : C:\Program Files\vShare Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\BittorrentBar_DE Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\ConduitEngine Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\imeshbandmltbpi Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\mediabarim Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\vShare Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\BittorrentBar_DE Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\ConduitEngine Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\imeshbandmltbpi Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\mediabarim Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\vShare ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BittorrentBar_DE Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings 
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Schlüssel Gelöscht : HKCU\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\BittorrentBar_DE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\conduitEngine Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BAD33D7-EAB8-4A10-8041-AFF5F6C04919} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E37ADDCB-6C65-4576-A4C2-5B33BCB86A66} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare Schlüssel Gelöscht 
: HKLM\Software\pdfforge Schlüssel Gelöscht : HKLM\Software\Search Settings Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Google Chrome v21.0.1180.89 Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [13749 octets] - [09/09/2012 22:39:23] AdwCleaner[R2].txt - [13810 octets] - [09/09/2012 22:41:33] AdwCleaner[R3].txt - [13871 octets] - [10/09/2012 10:08:12] AdwCleaner[S1].txt - [11377 octets] - [16/09/2012 23:12:09] ########## EOF - C:\AdwCleaner[S1].txt - [11438 octets] ########## Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0 Letztes Update: 19.09.2012 21:04:12 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 19.09.2012 21:05:57 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh gefunden: Trace.File.IMesh (A) C:\Program Files\iMesh Applications\iMesh gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\HTML gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins\Images gefunden: Trace.File.iMesh (A) C:\Users\intan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk gefunden: Trace.File.iMesh (A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh\imesh.lnk gefunden: Trace.File.IMesh (A) C:\Program Files\iMesh Applications\iMesh\DiscoveryHelper.dll gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\HTML\error.html gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\HTML\loading.html gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\iMesh.exe gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\IMWebControl.dll gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\lame_enc.dll gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\license.txt gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\ResourcesLOC.dll gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Shw32.dll gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins\Default.skn gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins\Default.xml gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins\Images\DefArtwork.jpg 
gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins\Images\TAFLogo.PNG gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins\Images\ToGoLogo.PNG gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\Skins\Settings.xml gefunden: Trace.File.iMesh (A) C:\Program Files\iMesh Applications\iMesh\UpdateInst.exe gefunden: Trace.File.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\player -> Volume gefunden: Trace.Registry.iMesh MediaBar (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoStart gefunden: Trace.Registry.iMesh MediaBar (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoSync gefunden: Trace.Registry.iMesh MediaBar (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> NoRemove gefunden: Trace.Registry.iMesh MediaBar (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> SerialNumber gefunden: Trace.Registry.iMesh MediaBar (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> Usages gefunden: Trace.Registry.iMesh MediaBar (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers -> Devices gefunden: Trace.Registry.iMesh MediaBar (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> AppData gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadDir gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadLimit gefunden: Trace.Registry.iMesh (A) Value: 
hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DSUniqueID gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> LimitTime gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> Login gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> MNEnabled gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> NetworkPaneShow gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> OKHashes gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> StatisticsFileName gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AccessUploading gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AntPort gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ConnectIp gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> EnableLocalConnections gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxConnForFile gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownload gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownloadSpeed gefunden: Trace.Registry.iMesh (A) Value: 
hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUpload gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUploadSpeed gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> PreviewPort gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ReassignSlowSources gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> SmartTraffic gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> StatusUploadPort gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeLibraryReportSent gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeUploadPort gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Password gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerAddress gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerPort gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Type gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> UseAuthentication gefunden: Trace.Registry.iMesh (A) Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> 
Username found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> DeleteFromDisk found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> MediaTypeFilter found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOffer found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOfferNever found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> IEHomepage found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> LastHomepageCheck found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> DownloadCount found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> InviteShowCount found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> PlayCount found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MaxResultsCount found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MediaTypeFilter found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> PremiumEnabled found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\security -> DoNotShare found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AUDeclineDate found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AutoResetPlayCount found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> CopyFromRemovable found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMHistoryFolderPath found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMPictureFolderPath found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsAutoVolume found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsCrossfadeEnable found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertContacts found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertMessages found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMDontPlayWhenPlaying found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMEveryone found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMSpecialAlers found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNeedUpdateHisory found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotPresentAnyVideo found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotShowNick found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsPlayDownloadSound found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSearchAutoSuggest found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSecurityLock found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowCRQDialog found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowDownloadTray found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowFTPDialog found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowLQDialog found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowToday found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ReceiveLooking found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> RootLicenseDate found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SendLooking found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ShowNILWarning found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SubsType found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UpdaterLocation found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedMNPortable found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedPortable found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VideoRegime found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualEnabled found: Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualRegime found: Trace.Registry.iMesh (A)
Key: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh found: Trace.Registry.IMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh -> LastOpenFileDir found: Trace.Registry.iMesh (A)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\44d54702-2fb49d1d -> json/Search.class found: Trojan.Java.Downloader.T (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/ANSI.class found: Java.Trojan.Downloader.OpenConnection.AN (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/KOI.class found: Java.Trojan.Downloader.OpenConnection.AN (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/UTF.class found: Java.Trojan.Downloader.OpenConnection.AN (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6838e2bd-3bfd8680 -> ta/tb.class found: Exploit.Java.CVE-2012-0507.N (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6838e2bd-3bfd8680 -> ta/L.class found: Exploit.Java.CVE-2012-0507.N (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/Cid.class found: Java.Exploit.CVE-2010-0840.J (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/ClassId.class found: Java.Exploit.CVE-2010-0840.J (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/MailAgent.class found: Java.Exploit.CVE-2010-0840.Y (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/VirtualTable.class found: Java.Exploit.CVE-2010-0840.J (B)

Scanned 395280
Found 138

Scan end: 19.09.2012 22:08:18
Scan time: 1:02:21

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/MailAgent.class quarantined Java.Exploit.CVE-2010-0840.Y (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6838e2bd-3bfd8680 -> ta/tb.class quarantined Exploit.Java.CVE-2012-0507.N (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/ANSI.class quarantined Java.Trojan.Downloader.OpenConnection.AN (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\44d54702-2fb49d1d -> json/Search.class quarantined Trojan.Java.Downloader.T (B)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> AppData quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadDir quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadLimit quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DSUniqueID quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> LimitTime quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> Login quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> MNEnabled quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> NetworkPaneShow quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> OKHashes quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> StatisticsFileName quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AccessUploading quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AntPort quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ConnectIp quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> EnableLocalConnections quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxConnForFile quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownload quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownloadSpeed quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUpload quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUploadSpeed quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> PreviewPort quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ReassignSlowSources quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> SmartTraffic quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> StatusUploadPort quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeLibraryReportSent quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeUploadPort quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Password quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerAddress quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerPort quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Type quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> UseAuthentication quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Username quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> DeleteFromDisk quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> MediaTypeFilter quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOffer quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOfferNever quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> IEHomepage quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> LastHomepageCheck quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> DownloadCount quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> InviteShowCount quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> PlayCount quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MaxResultsCount quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MediaTypeFilter quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> PremiumEnabled quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\security -> DoNotShare quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AUDeclineDate quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AutoResetPlayCount quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> CopyFromRemovable quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMHistoryFolderPath quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMPictureFolderPath quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsAutoVolume quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsCrossfadeEnable quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertContacts quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertMessages quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMDontPlayWhenPlaying quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMEveryone quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMSpecialAlers quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNeedUpdateHisory quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotPresentAnyVideo quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotShowNick quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsPlayDownloadSound quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSearchAutoSuggest quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSecurityLock quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowCRQDialog quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowDownloadTray quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowFTPDialog quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowLQDialog quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowToday quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ReceiveLooking quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> RootLicenseDate quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SendLooking quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ShowNILWarning quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SubsType quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UpdaterLocation quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedMNPortable quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedPortable quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VideoRegime quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualEnabled quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualRegime quarantined Trace.Registry.iMesh (A)
Key: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh -> LastOpenFileDir quarantined Trace.Registry.iMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\player -> Volume quarantined Trace.Registry.iMesh MediaBar (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoStart quarantined Trace.Registry.iMesh MediaBar (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoSync quarantined Trace.Registry.iMesh MediaBar (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> NoRemove quarantined Trace.Registry.iMesh MediaBar (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> SerialNumber quarantined Trace.Registry.iMesh MediaBar (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> Usages quarantined Trace.Registry.iMesh MediaBar (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers -> Devices quarantined Trace.Registry.iMesh MediaBar (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\HTML quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins\Images quarantined Trace.File.IMesh (A)
C:\Users\intan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk quarantined Trace.File.IMesh (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh\imesh.lnk quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\DiscoveryHelper.dll quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\HTML\error.html quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\HTML\loading.html quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\iMesh.exe quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\IMWebControl.dll quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\lame_enc.dll quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\license.txt quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\ResourcesLOC.dll quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Shw32.dll quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins\Default.skn quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins\Default.xml quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins\Images\DefArtwork.jpg quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins\Images\TAFLogo.PNG quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins\Images\ToGoLogo.PNG quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\Skins\Settings.xml quarantined Trace.File.IMesh (A)
C:\Program Files\iMesh Applications\iMesh\UpdateInst.exe quarantined Trace.File.IMesh (A)

Quarantined 132 |
21.09.2012, 12:03 | #12 |
/// Helper Team | GVU Trojan - Austrian version caught
Very good!
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
|
24.09.2012, 23:48 | #13 |
| GVU Trojan - Austrian version caught
I have now run the scan. It found 7 more objects, but unfortunately there was no log.txt afterwards :/ I then ran the scan a second time and, lo and behold, a log.txt was there, but with no infected objects left, since ESET had already deleted them. Those were mainly infected files in the quarantine folders of the other scanners. Here is the log from the 2nd scan, with no objects found:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=75652a43dd92594cadb1aa2058cc79d2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 10:10:11
# local_time=2012-09-25 12:10:11 (+0100, Central European Summer Time)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2817 16777215 100 100 12097917 16615136 0 0
# compatibility_mode=5893 16776573 100 94 605797 100152733 0 0
# compatibility_mode=8192 67108863 100 0 173575 173575 0 0
# scanned=93960
# found=0
# cleaned=0
# scan_time=3069 |
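The two scan logs in this thread raise the question every helper has to answer before giving the next instruction: which hits still need action, and which are already neutralised? The poster's own observation in the last message, that the remaining detections sat in the quarantine folders of other scanners, is exactly this distinction. The following Python script is an added example, not part of the thread or of any of the tools used in it. It parses lines in the format of the Emsisoft log posted above (the sample lines are constructed for the example, following the page's path and signature conventions), separates registry traces from files, flags files that live under C:\_OTL\MovedFiles (the folder OTL moves files into, as seen in the log; treating it as a quarantine area is an assumption of this example), and pulls the CVE numbers out of the Java exploit signatures, which is what turns "the Java plug-in was exploited" into a concrete patch requirement.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the Emsisoft log posted in this thread
# (same path and signature conventions; only a handful of lines).
SAMPLE_LOG = r"""
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6838e2bd-3bfd8680 -> ta/tb.class found: Exploit.Java.CVE-2012-0507.N (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/MailAgent.class found: Java.Exploit.CVE-2010-0840.Y (B)
C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/ANSI.class found: Java.Trojan.Downloader.OpenConnection.AN (B)
C:\Program Files\iMesh Applications\iMesh\iMesh.exe found: Trace.File.IMesh (A)
Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Password found: Trace.Registry.iMesh (A)
Key: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh found: Trace.Registry.iMesh (A)
"""

# Folders that belong to another tool's quarantine. C:\_OTL\MovedFiles is
# where OTL moved files in this thread; treating it as "already contained"
# is an assumption of this example, extend the tuple for other tools.
QUARANTINE_PREFIXES = ("c:\\_otl\\movedfiles\\",)

# Java's browser plug-in cache; class files here were delivered by a web page.
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"

# One log line: optional "Value:"/"Key:" prefix, location, "found:" (or the
# German "gefunden:"), signature name, and the scanner's risk letter.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Value|Key): )?(?P<location>.+?) "
    r"(?:found|gefunden): (?P<signature>.+?) \((?P<risk>[A-Z])\)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class Detection:
    kind: str                 # "file" or "registry"
    location: str             # path (plus " -> member" for archives) or registry key
    signature: str
    risk: str                 # risk letter exactly as the scanner reported it
    already_quarantined: bool
    in_java_cache: bool
    cve: Optional[str]


def parse_line(line: str) -> Optional[Detection]:
    """Parse one log line; returns None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind = "registry" if m.group("kind") else "file"
    location = m.group("location")
    low = location.lower()
    cve = CVE_RE.search(m.group("signature"))
    return Detection(
        kind=kind,
        location=location,
        signature=m.group("signature"),
        risk=m.group("risk"),
        already_quarantined=kind == "file" and low.startswith(QUARANTINE_PREFIXES),
        in_java_cache=kind == "file" and JAVA_CACHE_MARKER in low,
        cve=cve.group(0) if cve else None,
    )


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def triage(dets: List[Detection]) -> dict:
    """Summarise what still needs action versus what is already contained."""
    return {
        "total": len(dets),
        "registry_traces": sum(d.kind == "registry" for d in dets),
        "already_quarantined": sum(d.already_quarantined for d in dets),
        # Files outside any quarantine folder: these still need to be removed.
        "live_files": [d.location for d in dets
                       if d.kind == "file" and not d.already_quarantined],
        "java_cache_hits": sum(d.in_java_cache for d in dets),
        # CVEs named in exploit signatures: the Java version on the box must be
        # newer than the fix for each of these, or the plug-in must be disabled.
        "exploit_cves": sorted({d.cve for d in dets if d.cve}),
        # Signature family = first two dotted components, e.g. "Trace.Registry".
        "families": Counter(".".join(d.signature.split(".")[:2]) for d in dets),
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the sample, the three Java-cache hits are all under C:\_OTL\MovedFiles, so they are reported as already quarantined rather than as live files; the single live file is the iMesh executable, and the CVE list (CVE-2010-0840, CVE-2012-0507) is what justifies the "update or disable Java" step that follows in the thread. Run against the full log on this page the same logic will also separate the iMesh registry traces from the two exploit kits.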
25.09.2012, 10:20 | #14 |
/// Helper Team | GVU Trojan - Austrian version caught
Update Java
Your Java is out of date. Older versions contain security holes that malware can abuse.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Afterwards post (copy and paste) what you get shown here: PluginCheck
Disable Java
Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html
Afterwards post (copy and paste) what you get shown here: PluginCheck |
07.11.2012, 06:10 | #15 |
/// Helper Team | GVU Trojan - Austrian version caught
No response
Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html
Note: the disappearance of the symptoms does not mean that your computer is clean. |