Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner WinXP Professional SOS

GVU Trojaner WinXP Professional SOS


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner WinXP Professional SOS

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Thema geschlossen
Alt 06.11.2012, 19:41   #1
cookie82
 
GVU Trojaner WinXP Professional SOS - Standard

GVU Trojaner WinXP Professional SOS


Hallo liebe Leute brauche dringend Eure Hilfe habe mir eben einen GVU Trojaner runter geschossen habe schon Defogger runter geladen und mit OTL gescannt dabei sind folgende TxT Editor heraus gekommen was soll ich nun tun? Hilfe


OTL Extras logfile created on: 06.11.2012 18:39:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,87% Memory free
3,85 Gb Paging File | 3,61 Gb Available in Paging File | 93,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 58,59 Gb Total Space | 39,32 Gb Free Space | 67,10% Space Free | Partition Type: NTFS

Computer Name: PRIVAT-E11FD89E | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1417001333-1409082233-1202660629-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C2AF74-C739-B278-22BB-90F92772635E}" = CCC Help Japanese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056F567C-E1FB-840B-1389-FAEBF3EA9568}" = CCC Help Korean
"{08777C3E-910E-F79C-5864-D2A17A91A1E7}" = Catalyst Control Center Localization French
"{0B7CC558-113F-6CBF-BC60-5BC1A9AB0935}" = Catalyst Control Center Localization Italian
"{0D81EE92-CA0C-E0B3-8D1B-C7D2BEA28ED6}" = Catalyst Control Center Localization Spanish
"{0F9178BF-5531-CDF0-BB10-AEEF23EF7896}" = Skins
"{101AA343-44A3-39A2-5716-D16C9A380E3E}" = Catalyst Control Center Graphics Light
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12673141-C46A-3B11-06CE-6C3948886B34}" = Catalyst Control Center Localization Korean
"{13730213-FCB1-96DA-A5EB-D7F9BBD5D4DF}" = CCC Help Czech
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350CCF27-81F6-2D0F-92B0-8D9B16C96D35}" = Catalyst Control Center Localization Danish
"{3E358932-0375-1619-4A7E-82973C77EDF9}" = CCC Help English
"{43AC517E-E59C-8B59-225F-CC2218A62BAF}" = CCC Help Spanish
"{47ADB60A-9C9A-31C3-316E-6258F90BDF0D}" = Catalyst Control Center Localization Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55B18E1C-0693-420B-09F9-ED6F4FE04625}" = CCC Help Swedish
"{603D3347-F382-5A60-6C69-3FC2A5BB41F0}" = Catalyst Control Center Localization Hungarian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{651F2BAB-2EFB-BA61-DF83-81F746B98A21}" = Catalyst Control Center Localization Dutch
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{71D9FA06-60A7-4EFD-C07D-772F0E734EC0}" = Catalyst Control Center Localization Russian
"{77878FCF-CC5A-6B7D-8D38-44CE96A0B4FF}" = CCC Help Finnish
"{7C31BD57-5CB1-72F8-2ACA-04011645E8EF}" = Catalyst Control Center Localization German
"{86D747DF-DCFE-235F-38AC-58EDFFBAB928}" = Catalyst Control Center Localization Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A562D2B-F0FA-90A1-F15A-15BFEACBE79F}" = Catalyst Control Center Localization Japanese
"{8B0A5B0D-A9B1-FC3C-5D91-89EF6E38CCB4}" = CCC Help Polish
"{8D96C10A-AC25-C21C-4847-BFCD29CA4011}" = CCC Help Russian
"{8E186BE9-56D0-BD47-6CC7-72DCC54FE07D}" = CCC Help Portuguese
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93FFACAA-A498-A775-5023-3E7BA7E78605}" = Catalyst Control Center Localization Portuguese
"{96A7CA3E-D25F-886F-5568-6E668065D12F}" = Catalyst Control Center Graphics Full Existing
"{974B7DCF-D588-4B8F-4C45-D58114F9DC08}" = ccc-core-static
"{9E3361F6-510E-0D23-F55B-06944568B370}" = Catalyst Control Center Localization Swedish
"{9EBD9409-9212-DA57-BF61-826BCC9EBB79}" = Catalyst Control Center Localization Chinese Traditional
"{9F41BDE7-5013-4BE0-A59F-C01454F28C64}" = CCC Help Chinese Standard
"{9F4589FF-123B-7720-7FD1-B27E0E4481FA}" = CCC Help Turkish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E89E62-B428-67CD-CE72-5B4F3C398626}" = Catalyst Control Center Localization Czech
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{ADB9A69D-8C04-EA19-EB28-955E2C99C862}" = CCC Help Thai
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B182E10E-BFB9-1A30-0D89-0F6EE164DDC7}" = CCC Help Danish
"{B2CC748E-7E50-9FAD-4C4F-6248B615F359}" = Catalyst Control Center Graphics Full New
"{B406CF92-6E86-AED9-6552-A2AC72F7DB44}" = Catalyst Control Center Localization Norwegian
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B61F99C0-F3E7-F860-065D-A0C913141BB9}" = CCC Help French
"{B6729F2E-0E52-0347-28F9-56DAC5D55546}" = CCC Help Greek
"{B6F9DDD8-9071-75F7-129B-882CEFF89E87}" = CCC Help Hungarian
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1480F12-72C3-B22F-10FD-732FFB78E179}" = Catalyst Control Center Localization Greek
"{C5717CBD-CB8D-1317-63BF-00433B78350C}" = Catalyst Control Center Core Implementation
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4517639-0A0A-3438-DCD1-6E036E1AB71E}" = ccc-core-preinstall
"{D454C165-5149-E6A9-2C88-E8E2C20D54CF}" = CCC Help Italian
"{D94DE4D5-21A6-20EA-3683-3307517F2147}" = CCC Help Dutch
"{D984C0B5-F350-213C-487A-1480D1684DEC}" = Catalyst Control Center Localization Finnish
"{DBB59EA9-F563-4FFB-0DCE-C7C42DF5735B}" = Catalyst Control Center Localization Turkish
"{DBE8F18D-EBAE-66DB-B503-7E6F50F473C7}" = CCC Help German
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB0D8A2A-5BF2-7AD2-1870-DD101E91F6AB}" = CCC Help Chinese Traditional
"{EDC7A758-99CE-07F7-99DF-F0280CFF4DD1}" = Catalyst Control Center Localization Chinese Standard
"{F0631A62-934C-D43C-6EDA-C9BFB6B724B1}" = CCC Help Norwegian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FEAB1D9A-7B80-B05F-8CCE-C3E6B286EEC5}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar
"DXAddon" = DirectX 9.0c Zusatzdateien
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"ie7" = Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5.3.7.0 Languages_is1" = Motherboard Monitor 5 Languages
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"Runtimes" = Allgemeine Runtime Dateien
"Savings Sidekick" = Savings Sidekick
"Updater Service" = Updater Service
"VideoPerformer" = VideoPerformer
"VLC media player" = VLC media player 2.0.3
"WUV30" = Windows Update Agent 3.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.07.2012 15:43:02 | Computer Name = PRIVAT-E11FD89E | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service reached limit of transient errors. Will shut down. Last error returned
from Service Manager: 0x800736b1.

Error - 14.07.2012 12:37:40 | Computer Name = PRIVAT-E11FD89E | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see hxxp://support.microsoft.com/support/kb/articles/q312/5/00.asp

Error - 14.07.2012 12:54:34 | Computer Name = PRIVAT-E11FD89E | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2686828,
P2 1031, P3 1642, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 14.07.2012 12:55:27 | Computer Name = PRIVAT-E11FD89E | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb979909,
P2 1031, P3 1642, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 11.09.2012 12:41:20 | Computer Name = PRIVAT-E11FD89E | Source = MsiInstaller | ID = 11904
Description = Produkt: SolutionCenter -- Fehler 1904. Fehler bei der Registrierung
des Moduls C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx. HRESULT -2147220473.
Wenden Sie sich an den Support.

Error - 16.09.2012 04:25:52 | Computer Name = PRIVAT-E11FD89E | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.09.2012 04:26:37 | Computer Name = PRIVAT-E11FD89E | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.09.2012 04:28:35 | Computer Name = PRIVAT-E11FD89E | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.09.2012 04:30:31 | Computer Name = PRIVAT-E11FD89E | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 11.10.2012 13:00:53 | Computer Name = PRIVAT-E11FD89E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avastui.exe, Version 7.0.1466.549, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x20006aa9.

[ System Events ]
Error - 27.09.2012 12:32:04 | Computer Name = PRIVAT-E11FD89E | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 001B9E66BC3F zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.


< End of report >

OTL logfile created on: 06.11.2012 18:39:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,87% Memory free
3,85 Gb Paging File | 3,61 Gb Available in Paging File | 93,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 58,59 Gb Total Space | 39,32 Gb Free Space | 67,10% Space Free | Partition Type: NTFS

Computer Name: PRIVAT-E11FD89E | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Video Performer Manager\2.4.897.175\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (IBUpdaterService) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe ()
SRV - (Video Performer Manager) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Video Performer Manager\2.4.897.175\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=117116&tt=4512_5&babsrc=HP_ss&mntrId=c8f3b1d8000000000000001b9e66bc3f
IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=117116&tt=4512_5&babsrc=HP_ss&mntrId=c8f3b1d8000000000000001b9e66bc3f
IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=117116&tt=4512_5&babsrc=SP_ss&mntrId=c8f3b1d8000000000000001b9e66bc3f
IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: crossriderapp5060@crossrider.com:0.85.37


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.11 17:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 16:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Video Performer Manager\2.4.897.175\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.06 15:07:50 | 000,000,000 | ---D | M]

[2012.09.16 09:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.11.06 18:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\myb0h814.default\extensions
[2012.11.06 15:07:29 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\myb0h814.default\extensions\crossriderapp5060@crossrider.com
[2012.11.06 15:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\myb0h814.default\extensions\crossriderapp5060@crossrider.com\chrome\content\exten sionCode
[2012.10.28 16:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 16:45:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.06 15:07:46 | 000,002,349 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Programme\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\..\Toolbar\WebBrowser: (Ashampoo DE Toolbar) - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1417001333-1409082233-1202660629-500..\Run: [Facebook Update] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ctfmon.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1409082233-1202660629-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB6FAB69-358A-4715-A1D5-2F6AEC1C79B7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\videop~1\24897~1.175\{16cdf~1\videom~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Video Performer Manager\2.4.897.175\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.13 20:30:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.06 18:16:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.11.06 17:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong
[2012.11.06 17:42:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BabylonToolbar
[2012.11.06 17:42:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe
[2012.11.06 15:08:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\VideoPerformer
[2012.11.06 15:08:10 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2012.11.06 15:07:48 | 000,000,000 | ---D | C] -- C:\Programme\VideoPerformer
[2012.11.06 15:07:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.11.06 15:07:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Babylon
[2012.11.06 15:07:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Savings Sidekick
[2012.11.06 15:07:24 | 000,000,000 | ---D | C] -- C:\Programme\Savings Sidekick
[2012.11.06 15:07:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Video Performer Manager
[2012.11.06 15:07:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.10.28 16:45:04 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.10.11 19:06:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.06 18:20:23 | 000,458,402 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.06 18:20:23 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.06 18:20:23 | 000,084,500 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.06 18:20:23 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.06 18:16:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.06 18:16:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.06 18:14:00 | 083,023,306 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
[2012.11.06 18:11:24 | 000,000,370 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.11.06 17:42:54 | 000,001,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.11.06 17:42:50 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe
[2012.11.06 17:40:03 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-1409082233-1202660629-500UA.job
[2012.11.06 17:29:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.06 15:08:12 | 000,000,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Video Performer.lnk
[2012.11.05 20:40:00 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-1409082233-1202660629-500Core.job
[2012.10.09 16:31:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.09 16:31:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.06 17:42:54 | 000,001,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.11.06 17:42:51 | 083,023,306 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
[2012.11.06 15:08:12 | 000,000,740 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Video Performer.lnk
[2012.09.11 17:37:21 | 000,159,911 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2012.09.11 17:37:21 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2012.09.11 17:21:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.07.14 18:24:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.07.14 17:36:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.07.14 17:03:16 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012.07.14 17:03:16 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.07.14 17:03:15 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.07.14 17:03:13 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.07.13 21:15:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.07.13 21:13:23 | 000,191,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.13 20:48:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.13 20:41:24 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2012.07.13 20:41:23 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2012.07.13 20:41:22 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2012.07.13 20:23:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012.07.13 20:34:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.02.19 19:29:27 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008.04.14 12:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.11 17:29:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ashampoo
[2012.11.06 15:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Babylon
[2012.11.06 17:42:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BabylonToolbar
[2012.09.18 18:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MSNInstaller
[2012.11.06 18:11:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong
[2012.09.11 17:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2012.09.11 17:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.11.06 15:07:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.11.06 15:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.11.06 17:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Video Performer Manager

========== Purity Check ==========



< End of report >

Alt 07.11.2012, 05:48   #2
t'john
/// Helfer-Team
 
GVU Trojaner WinXP Professional SOS - Standard

GVU Trojaner WinXP Professional SOS


Warum erstellst du zwei Themen?

http://www.trojaner-board.de/126608-...ional-sos.html
__________________

__________________
Thema geschlossen

Themen zu GVU Trojaner WinXP Professional SOS
.dll, 32 bit, administrator, adobe, avast, babylontoolbar, bho, continue, desktop, dringend, einstellungen, error, explorer, fehler, flash player, format, help, helper, home, ibupdaterservice, limited.com/facebook, logfile, mozilla, msiinstaller, plug-in, realtek, registry, rundll, savings, savings sidekick, security, sidekick, software, trojaner


« GVU, Polizei, BKA Trojaner kommt immer und immer wieder | GVU Trojaner comeback »


Ähnliche Themen: GVU Trojaner WinXP Professional SOS


  1. Windows XP Professional: Ukash-Trojaner entfernen.
    Log-Analyse und Auswertung - 28.12.2013 (10)
  2. WinXP SP3 Malware - Virenscanner usw. lassen sich nicht installieren! Dualbootsystem WinXP/Win7
    Log-Analyse und Auswertung - 13.12.2013 (15)
  3. Windows 7 Professional - nach Trojaner, vor Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (3)
  4. BKA-Trojaner Windows XP Professional (ohne Abgesicherten Modus)
    Log-Analyse und Auswertung - 29.08.2013 (44)
  5. Trojaner Ava Soft Professional Antivirus auf meinem Laptop
    Plagegeister aller Art und deren Bekämpfung - 10.08.2013 (42)
  6. GVU Trojaner Windows XP Professional
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (4)
  7. bka trojaner winxp professional
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (21)
  8. Rechner sauber nach AVASoft Professional Antivirus (=Trojaner)?
    Log-Analyse und Auswertung - 22.04.2013 (25)
  9. WinXP: BKA-Trojaner füllt Bildschirm voll aus, davor sah ich einen Film an. Trojaner: Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (15)
  10. GVU-Trojaner und Disk Antivirus Professional-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (11)
  11. GVU/BKA Trojaner eingefangen auf Windows 7 64 Professional
    Log-Analyse und Auswertung - 25.02.2013 (1)
  12. GVU Trojaner WinXP Professional SOS
    Log-Analyse und Auswertung - 16.12.2012 (2)
  13. WinXP BKA-Trojaner v1.13
    Log-Analyse und Auswertung - 21.09.2012 (16)
  14. WinXP GVU Trojaner 2.07
    Log-Analyse und Auswertung - 17.07.2012 (9)
  15. GVU Trojaner WinXP SP3 - weg?
    Log-Analyse und Auswertung - 07.06.2012 (5)
  16. Bundespolizei Trojaner Win XP Professional, abgesichert nicht möglich
    Log-Analyse und Auswertung - 20.10.2011 (23)
  17. WINXP Professional erkennt Satafestplatten nicht
    Alles rund um Windows - 01.11.2007 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner WinXP Professional SOS - Hallo liebe Leute brauche dringend Eure Hilfe habe mir eben einen GVU Trojaner runter geschossen habe schon Defogger runter geladen und mit OTL gescannt dabei sind folgende TxT Editor heraus - GVU Trojaner WinXP Professional SOS...
Archiv
Du betrachtest: GVU Trojaner WinXP Professional SOS auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19