Forum: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal) – Thread: GVU-Trojaner, Windows 7
#1 GVU-Trojaner

Hi all, I have a laptop in front of me that I'm supposed to repair on the side. By all appearances it is the GVU trojan. (I don't really know my way around viruses and trojans myself, because I'm still using a Mac at the moment.) Attached is the OTL file:

Code:
ATTFilter OTL logfile created on: 24.10.2012 20:07:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brigitte Schult\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,15% Memory free 4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,08 Gb Total Space | 31,07 Gb Free Space | 33,38% Space Free | Partition Type: NTFS Drive D: | 14,83 Gb Total Space | 11,40 Gb Free Space | 76,88% Space Free | Partition Type: FAT32 Drive E: | 91,77 Gb Total Space | 86,87 Gb Free Space | 94,66% Space Free | Partition Type: NTFS Computer Name: BRIGITTESCHU-PC | User Name: Brigitte Schult | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.24 19:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte Schult\Desktop\OTL.exe PRC - [2012.10.16 17:50:33 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe PRC - [2012.08.29 17:12:55 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.02.04 23:47:34 | 000,093,376 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\ib\olycamdetect.exe PRC - [2009.08.31 07:56:10 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG8\avgrsx.exe PRC - [2009.08.31 07:55:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.29 19:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.29 17:00:40 | 000,430,080 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2008.01.25 13:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2008.01.22 14:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008.01.21 04:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2008.01.09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2007.12.25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA 
Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006.09.28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.10.16 17:33:52 | 000,007,424 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\BAcroIEHelpe217.dll MOD - [2008.01.29 17:00:40 | 000,430,080 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2007.12.14 21:28:38 | 004,726,784 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll MOD - [2007.09.13 15:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2007.01.18 10:30:00 | 000,094,208 | ---- | M] () -- C:\Programme\IDM\Desktop SMS\oehook.dll MOD - [2006.10.10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- c:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - [2012.10.09 17:33:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2009.08.31 07:55:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.09.28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2009.09.10 16:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlyCamComm.sys -- (OlyCamComm) DRV - [2009.08.31 07:56:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009.08.31 07:56:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.12.28 20:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.12.26 11:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.04.23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2007.01.04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2006.11.20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2001.09.09 09:43:58 | 000,038,401 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvc.sys -- (DVC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de IE - HKLM\..\SearchScopes,DefaultScope = {344721BC-7E2A-4B02-A00C-4AFFE316B0B7} IE - HKLM\..\SearchScopes\{344721BC-7E2A-4B02-A00C-4AFFE316B0B7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {344721BC-7E2A-4B02-A00C-4AFFE316B0B7} IE - HKCU\..\SearchScopes\{344721BC-7E2A-4B02-A00C-4AFFE316B0B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA_deDE277 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823 FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.12.30 09:51:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.19 19:41:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Brigitte Schult\AppData\Roaming\11001.072 [2012.10.16 17:33:37 | 000,000,000 | ---D | M] [2011.12.24 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\Extensions [2012.04.19 19:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\Firefox\Profiles\1co2dgkn.default\extensions [2012.04.19 19:38:04 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\Firefox\Profiles\1co2dgkn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.04.19 19:42:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\firefox\profiles\1co2dgkn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.04.19 19:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.19 19:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.04.19 19:36:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.16 17:33:37 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\BRIGITTE SCHULT\APPDATA\ROAMING\11001.072 [2012.04.19 19:41:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.19 19:41:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.19 19:41:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.19 19:41:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.19 19:41:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.19 19:41:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.19 19:41:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems 
Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.) 
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - HKCU..\Run: [Userinit] C:\Users\Brigitte Schult\AppData\Roaming\appConf32.exe () O4 - Startup: C:\Users\Brigitte Schult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53D2C9D6-8D6C-4F3C-B245-22E7070D4565}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.20 21:07:07 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.24 20:04:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brigitte Schult\Desktop\OTL.exe [2012.10.16 17:50:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.10.16 17:33:37 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\11001.072 [2012.10.16 17:21:43 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\UAs [2012.10.12 15:35:32 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\11001.071 [2012.10.12 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\xmldm [2012.10.12 15:35:03 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\kock [2008.05.31 21:29:38 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Brigitte Schult\AppData\Local\cmdial32.dll [2 C:\Users\Brigitte Schult\AppData\Roaming\*.tmp files -> C:\Users\Brigitte Schult\AppData\Roaming\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.24 20:09:05 | 000,618,442 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2012.10.24 20:09:05 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.24 20:09:05 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.24 20:09:05 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.24 19:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte Schult\Desktop\OTL.exe [2012.10.24 19:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.24 19:23:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.24 19:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 19:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 19:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.24 19:22:42 | 2136,956,928 | -HS- | M] () -- C:\hiberfil.sys [2012.10.24 19:17:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.24 19:14:54 | 083,023,306 | ---- | M] () -- C:\ProgramData\sqj.pad [2012.10.21 17:59:22 | 000,000,017 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\blckdom.res [2012.10.16 17:50:37 | 000,000,763 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.10.16 17:33:52 | 000,181,904 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe217.dll [2012.10.16 17:33:52 | 000,007,424 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\BAcroIEHelpe217.dll [2012.10.16 17:22:48 | 059,079,994 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2012.10.15 16:38:20 | 000,003,906 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\wklnhst.dat [2012.10.15 16:31:14 | 000,011,776 | ---- | M] () -- C:\Users\Brigitte 
Schult\Documents\Schr.an RA Raschendorfer.wps [2012.10.12 15:35:48 | 000,181,904 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe.dll [2012.10.11 18:31:49 | 000,018,432 | ---- | M] () -- C:\Users\Brigitte Schult\Documents\Renate Bericht 2009.xlr [2012.10.09 20:07:05 | 000,023,552 | ---- | M] () -- C:\Users\Brigitte Schult\Documents\Jahresbericht 2011 Renate.xlr [2012.10.09 19:27:41 | 000,011,264 | ---- | M] () -- C:\Users\Brigitte Schult\Documents\kündigungaz.wps [2 C:\Users\Brigitte Schult\AppData\Roaming\*.tmp files -> C:\Users\Brigitte Schult\AppData\Roaming\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.16 17:50:37 | 000,000,763 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.10.16 17:50:33 | 083,023,306 | ---- | C] () -- C:\ProgramData\sqj.pad [2012.10.16 17:33:52 | 000,181,904 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe217.dll [2012.10.16 17:33:52 | 000,007,424 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\BAcroIEHelpe217.dll [2012.10.15 15:59:58 | 000,011,776 | ---- | C] () -- C:\Users\Brigitte Schult\Documents\Schr.an RA Raschendorfer.wps [2012.10.12 15:35:48 | 000,181,904 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe.dll [2012.10.12 15:35:19 | 000,000,017 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\blckdom.res [2012.10.09 11:06:24 | 000,011,264 | ---- | C] () -- C:\Users\Brigitte Schult\Documents\kündigungaz.wps [2012.08.22 18:18:55 | 000,000,256 | ---- | C] () -- C:\Users\Brigitte Schult\mxcdr.ini [2011.10.29 19:08:25 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2011.10.16 20:37:55 | 000,000,000 | -H-- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\LhhLIMyKK7EK [2010.10.30 20:50:40 | 009,941,702 | ---- | C] () -- C:\Users\Brigitte Schult\Trucks 1_2010.zip [2008.12.09 
17:23:13 | 000,051,768 | RHS- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\appConf32.exe [2008.06.15 21:52:01 | 000,006,174 | ---- | C] () -- C:\Users\Brigitte Schult\hupe 22.wav [2008.06.15 20:53:37 | 000,279,992 | ---- | C] () -- C:\Users\Brigitte Schult\Lanz Bulldog Motor sehr gut.wav [2008.05.17 20:06:43 | 000,013,312 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.04 12:27:46 | 000,000,016 | -H-- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.05.04 12:27:46 | 000,000,016 | -H-- | C] () -- C:\Users\Brigitte Schult\AppData\Local\mxfilerelatedcache.mxc2 [2008.05.04 12:27:43 | 000,000,016 | -H-- | C] () -- C:\Users\Brigitte Schult\mxfilerelatedcache.mxc2 [2008.05.03 11:23:40 | 000,003,906 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.12 15:35:33 | 000,000,000 | ---D | M] -- 
C:\Users\Brigitte Schult\AppData\Roaming\11001.071 [2012.10.16 17:33:37 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\11001.072 [2012.10.12 15:35:03 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\kock [2008.12.08 18:53:23 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\MAGIX [2008.12.08 18:47:36 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\myphotobook [2008.05.20 22:06:45 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\proDAD [2008.05.03 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\Template [2012.10.16 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\UAs [2010.06.10 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\Ulead Systems [2012.10.12 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.10.2012 20:07:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brigitte Schult\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,15% Memory free 4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,08 Gb Total Space | 31,07 Gb Free Space | 33,38% Space Free | Partition Type: NTFS Drive D: | 14,83 Gb Total Space | 11,40 Gb Free Space | 76,88% Space Free | Partition Type: FAT32 Drive E: | 91,77 Gb Total Space | 86,87 Gb Free Space | 94,66% Space Free | Partition Type: NTFS Computer Name: BRIGITTESCHU-PC | User Name: Brigitte Schult | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{22197C16-5EDC-484B-B2A4-511407DED270}" = lport=139 | protocol=6 | dir=in | app=system | "{4687E16F-414E-4496-845F-06F4A5050E6E}" = rport=138 | protocol=17 | dir=out | app=system | "{4DA89C76-5458-417F-A118-AC08B9766CF2}" = lport=137 | protocol=17 | dir=in | app=system | "{51975533-D320-44F0-990F-54B77C4A4A85}" = lport=445 | protocol=6 | dir=in | app=system | "{7937B787-8ED7-455E-BB06-8F5DF42B960F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{90FCF08D-EC5F-43DE-BA15-43388720549D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{918EBA85-657C-4705-ABF3-2F1281C8920A}" = rport=139 | protocol=6 | dir=out | app=system | "{A2B7ACE3-57FA-4F85-9681-0E527CD45028}" = rport=445 | protocol=6 | dir=out | app=system | "{E7B551B5-51DF-4DF2-8158-7FF6C6848F2C}" = rport=137 | protocol=17 | dir=out | app=system | "{FB94EEC3-3A04-41C9-B449-D3AE6BF541C7}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DC72EF3-43F6-4597-ABD2-B7676C57DBB4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2CC0C0B8-C286-462E-AB98-1B21922EC9EC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | "{339FD4F8-A869-4481-A191-BFCA975A6388}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | "{3819E3E5-7076-4329-9EEE-D7F3D3429549}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 
11\programs\studio.exe | "{4280FE46-1986-4166-A191-B638F6034D02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{45D535BD-7CDA-43EA-9F0B-554602CD9564}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{466D3A99-38CF-4171-97B2-D19BCF57DB88}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | "{77EA3867-ADF6-4B7B-B62A-4E9848B31672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{86EAC92A-6CF3-4428-9F2E-991EA287930A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{94EF47C5-1A24-421A-8713-7F70B4A48189}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | "{9948CE44-4709-4824-9C5E-E539BCFBE554}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | "{A35E6403-BAA3-46AD-96FE-3A0488EE0BF0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | "{B208F38C-5CA7-48C8-A331-37BF0D3B48F6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | "{E098DD7A-980B-4C23-901B-7D260F559EF5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FCB51C6E-9EFE-443D-97CD-63FE51109BEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{EE9F0522-F4EB-4003-B954-D111FE5C172E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{DBDB4824-098A-4AB5-AD07-1B1F9974B9FE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist 
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher "{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6AB749DD-670E-42D7-AC1B-6E579E496DDA}" = Studio 11 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD 
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe 
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG8Uninstall" = AVG Free 8.5 "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Google Desktop" = Google Desktop "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MEDION DVC Media" = MEDION DVC Media "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "myphotobook" = myphotobook 3.5 "Philips Intelligent Agent_is1" = Philips 
Intelligent Agent "proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5 "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0 "ST6UNST #1" = USM-BN Sound-Teacher V2.00 "ST6UNST #10" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #10 "ST6UNST #11" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #11 "ST6UNST #2" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) "ST6UNST #3" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #3 "ST6UNST #4" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #4 "ST6UNST #5" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #5 "ST6UNST #6" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #6 "ST6UNST #7" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #7 "ST6UNST #8" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #8 "ST6UNST #9" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #9 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.09.2012 07:13:11 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10 Description = Error - 29.09.2012 14:31:38 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10 Description = Error - 29.09.2012 16:24:45 | Computer Name = BrigitteSchu-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 9e8 Anfangszeit: 01cd9e7ba6b5aefe Zeitpunkt der Beendigung: 11529
Error - 30.09.2012 13:43:02 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10 Description =
Error - 30.09.2012 14:11:10 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10 Description =
Error - 02.10.2012 03:41:05 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10 Description =
Error - 02.10.2012 11:12:08 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10 Description =
Error - 09.10.2012 04:39:37 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10 Description =
Error - 09.10.2012 05:07:19 | Computer Name = BrigitteSchu-PC | Source = RasClient | ID = 20227 Description =
Error - 09.10.2012 05:07:47 | Computer Name = BrigitteSchu-PC | Source = RasClient | ID = 20227 Description =
[ System Events ]
Error - 29.09.2012 15:17:31 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10005 Description =
Error - 29.09.2012 15:17:31 | Computer Name = BrigitteSchu-PC | Source = Service Control Manager | ID = 7009 Description =
Error - 29.09.2012 15:17:31 | Computer Name = BrigitteSchu-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 30.09.2012 14:08:19 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10010 Description =
Error - 09.10.2012 05:09:19 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10016 Description =
Error - 09.10.2012 05:09:19 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10016 Description =
Error - 09.10.2012 06:23:38 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10010 Description =
Error - 12.10.2012 09:30:22 | Computer Name = BrigitteSchu-PC | Source = Service Control Manager | ID = 7011 Description =
Error - 21.10.2012 11:59:59 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10010 Description =
Error - 21.10.2012 11:59:59 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10000 Description =
< End of report >
Have I forgotten any information? Many thanks in advance for the support. Regards.
Topics on GVU-Trojaner
adobe, autorun, avg, bho, defender, error, excel, firefox, flash player, format, google, home, install.exe, intranet, logfile, object, olympus, plug-in, realtek, registry, rundll, scan, security, senden, software, udp, usb, usb 2.0, viren, vista