|
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner nach Systemwiderherstellung noch aktiv ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.11.2012, 10:15 | #1 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? Hallo Leute, gestern war es auch bei mir soweit, der GVU-Trojaner hat nun auch bei mir zugeschlagen. Zur Sicherheit führte ich ersteinmal eine Systemwiderherstellung durch und setzte alles auf die Werkseinstellungen zurück. Danach scannte ich mit antivir und malewarebyte meinen PC, aber ohne Fund. Bei meiner Recherche stieß ich dann auf trojaner-board. Also ich habe nun einen ersten schritt gemacht und mit otl durchgescannt im Anhang sind die beiden Logfiles. Ich hoffe wirklich, dass ihr mir schnell helfen könnt und ich bedanke mich im voraus schonmal für all eure mühen! Vielen Dank ! Mfg |
08.11.2012, 12:11 | #2 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? hier mal noch als code
__________________Otl: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.11.2012 09:36:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,06 Gb Available Physical Memory | 64,09% Memory free 15,78 Gb Paging File | 12,77 Gb Available in Paging File | 80,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 372,60 Gb Total Space | 309,31 Gb Free Space | 83,01% Space Free | Partition Type: NTFS Drive D: | 533,59 Gb Total Space | 533,48 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *****-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () MOD - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4046236496-1397666211-1651137616-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-4046236496-1397666211-1651137616-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-4046236496-1397666211-1651137616-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-4046236496-1397666211-1651137616-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-4046236496-1397666211-1651137616-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKU\S-1-5-21-4046236496-1397666211-1651137616-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4046236496-1397666211-1651137616-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.02.24 03:52:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.11.08 00:42:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.08 01:03:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.08 08:38:49 | 000,000,000 | ---D | M] [2012.11.08 01:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Extensions [2012.11.08 08:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\a7bnw9bl.default\Extensions [2012.11.08 01:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found. O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe (ASUS) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4046236496-1397666211-1651137616-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4046236496-1397666211-1651137616-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-4046236496-1397666211-1651137616-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.28.230.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43ABC3F8-0C02-49EA-98F8-AC9EFC643EBB}: DhcpNameServer = 141.28.230.16 O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 12:25:20 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ] O33 - MountPoints2\{bfcb6e4c-297c-11e2-92a5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bfcb6e4c-297c-11e2-92a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe -- [2011.12.05 03:31:12 | 002,016,720 | R--- | M] (ASUSTek Computer INC.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 09:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\USBChargerPlus [2012.11.08 09:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic [2012.11.08 09:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2012.11.08 09:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.11.08 09:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2012.11.08 09:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Music Maker [2012.11.08 09:32:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ASUS Music Maker [2012.11.08 09:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS Music Maker [2012.11.08 09:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS Music Maker [2012.11.08 09:31:39 | 000,080,512 | ---- | C] (ASUS) -- C:\Windows\AsusScr_N6 Series_ENG Uninstaller.exe [2012.11.08 09:31:37 | 003,058,304 | ---- | C] (ASUS) -- C:\Windows\AsScrPro.exe [2012.11.08 09:31:33 | 000,162,456 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe [2012.11.08 09:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2012.11.08 09:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services [2012.11.08 09:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G [2012.11.08 09:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS Resource Center [2012.11.08 09:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2012.11.08 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun [2012.11.08 09:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2012.11.08 09:26:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program [2012.11.08 09:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros [2012.11.08 09:25:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite [2012.11.08 09:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation [2012.11.08 09:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros [2012.11.08 09:24:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2012.11.08 09:24:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.11.08 09:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.08 09:23:47 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.11.08 09:23:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.11.08 09:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.11.08 09:23:44 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012.11.08 09:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.11.08 09:23:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2012.11.08 09:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.08 09:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.11.08 09:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.11.08 09:21:29 | 019,468,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.11.08 09:21:29 | 015,035,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.11.08 09:21:29 | 007,734,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.11.08 09:21:29 | 002,518,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.11.08 09:21:29 | 002,438,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.11.08 09:21:29 | 000,813,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.11.08 09:21:29 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2012.11.08 09:21:29 | 000,215,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.11.08 09:21:28 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.11.08 09:21:28 | 005,924,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.11.08 09:21:28 | 002,324,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.11.08 09:20:10 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012.11.08 09:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2012.11.08 09:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2012.11.08 09:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.11.08 09:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2012.11.08 09:16:12 | 000,000,000 | ---D | C] -- C:\Intel [2012.11.08 09:16:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.11.08 09:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2012.11.08 09:12:24 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.08 09:07:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.11.08 09:06:41 | 000,000,000 | ---D | C] -- C:\eSupport [2012.11.08 08:43:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe [2012.11.08 08:43:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.08 08:38:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012.11.08 08:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.08 08:38:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon [2012.11.08 08:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.11.08 08:26:48 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012.11.08 01:21:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe [2012.11.08 01:19:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.11.08 01:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.08 01:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.08 01:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.08 01:11:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.11.08 01:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.08 01:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.08 01:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.08 01:06:47 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.11.08 01:03:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2012.11.08 01:03:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2012.11.08 01:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.11.08 01:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.08 01:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.08 00:59:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CrashDumps [2012.11.08 00:58:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2012.11.08 00:58:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2012.11.08 00:46:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2012.11.08 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ASUS [2012.11.08 00:43:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\BMExplorer [2012.11.08 00:43:59 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth Folder [2012.11.08 00:43:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Atheros [2012.11.08 00:42:53 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.08 00:42:53 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2012.11.08 00:42:53 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.08 00:42:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2012.11.08 00:42:39 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2012.11.08 00:42:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2012.11.08 00:41:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ASUS [2012.11.08 00:41:45 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2012.11.08 00:41:45 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2012.11.08 00:41:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2012.11.08 00:41:45 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2012.11.08 00:41:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2012.11.08 00:41:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2012.11.08 00:41:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.11.07 19:55:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Processing [2012.11.05 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DOCUMENT [2012.11.05 21:12:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DOKUMENTE UNSORTIERT !!! ========== Files - Modified Within 30 Days ========== [2012.11.08 09:39:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.11.08 09:34:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.08 09:31:43 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\ASUS N Series Demo.lnk [2012.11.08 09:31:39 | 000,080,512 | ---- | M] (ASUS) -- C:\Windows\AsusScr_N6 Series_ENG Uninstaller.exe [2012.11.08 09:31:37 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe [2012.11.08 09:31:23 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\eManual.Lnk [2012.11.08 09:30:27 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Instant Key Menu.lnk [2012.11.08 09:24:07 | 000,541,569 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.08 09:24:06 | 000,001,355 | ---- | M] () -- C:\Users\Public\Desktop\Waves MAXXAudio.lnk [2012.11.08 09:17:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.11.08 09:14:26 | 009,031,740 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.08 08:43:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.08 08:26:49 | 000,000,359 | ---- | M] () -- C:\Users\***\AppData\Roaming\sp_data.sys [2012.11.08 08:26:24 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.11.08 08:26:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.08 08:21:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.08 08:21:22 | 2057,695,231 | -HS- | M] () -- C:\hiberfil.sys [2012.11.08 02:05:25 | 000,160,882 | ---- | M] () -- C:\Windows\AsCD_Item_39.jpg [2012.11.08 01:41:02 | 000,001,117 | ---- | M] () -- C:\Users\***\Desktop\HFU - Verknüpfung.lnk [2012.11.08 01:11:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:53:51 | 000,002,006 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp ========== Files Created - No Company Name ========== [2012.11.08 09:31:43 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\ASUS N Series Demo.lnk [2012.11.08 09:31:23 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\eManual.Lnk [2012.11.08 09:30:27 | 000,002,605 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Instant Key Menu.lnk [2012.11.08 09:24:06 | 000,001,355 | ---- | C] () -- C:\Users\Public\Desktop\Waves MAXXAudio.lnk [2012.11.08 09:24:02 | 000,541,569 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.08 09:17:03 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.11.08 09:17:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.11.08 09:08:06 | 2057,695,231 | -HS- | C] () -- C:\hiberfil.sys [2012.11.08 02:03:35 | 000,160,882 | ---- | C] () -- C:\Windows\AsCD_Item_39.jpg [2012.11.08 01:41:02 | 000,001,117 | ---- | C] () -- C:\Users\***\Desktop\HFU - Verknüpfung.lnk [2012.11.08 01:11:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.08 01:03:19 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.08 00:43:59 | 000,000,359 | ---- | C] () -- C:\Users\***\AppData\Roaming\sp_data.sys [2012.11.08 00:43:01 | 000,001,411 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.11.08 00:42:54 | 000,001,445 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.10.09 17:39:31 | 000,002,006 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2012.05.08 09:25:13 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.05.08 09:25:01 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.05.08 09:24:47 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.05.08 09:24:30 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.04.24 00:35:04 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.02.24 03:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2012.02.24 03:28:11 | 009,031,740 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.02.24 02:22:57 | 014,173,184 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.02.24 02:22:57 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [\code] Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.11.2012 09:36:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,06 Gb Available Physical Memory | 64,09% Memory free 15,78 Gb Paging File | 12,77 Gb Available in Paging File | 80,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 372,60 Gb Total Space | 309,31 Gb Free Space | 83,01% Space Free | Partition Type: NTFS Drive D: | 533,59 Gb Total Space | 533,48 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4046236496-1397666211-1651137616-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F4A462E5-2C2E-4110-9012-8F08395053F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B47DCE39-BD05-4FD0-BC5F-8FCE7C3FBB7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{BE0EC94A-88B6-4356-B121-F67FE5BE0F40}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{246B4AFF-6540-4B72-93E8-B9EB86D37589}" = ASUS N Series Demo "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3A883D-B2AB-427D-B094-27D6241E0944}" = ASUS Photo Manager "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B962F32-78E6-4585-AF24-073AD36B6590}" = ASUS Photo Designer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7CFE1371-8710-4846-9772-1F9A09F8EF2F}" = Alcor Micro USB Card Reader "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{938CFBD4-0652-49E5-BB8B-153948865941}" = ASUS Virtual Touch "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D97A1B80-131F-4692-9543-E652956D8B99}" = ASUS Instant Key "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_N6 Series_ENG" = AsusScr_N6 Series_ENG "Avira AntiVir Desktop" = Avira Free Antivirus "Google Chrome" = Google Chrome "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}" = ASUS Photo Manager "MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}" = ASUS Photo Designer "MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee Internet Security "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.11.2012 19:59:20 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0806ef5a ID des fehlerhaften Prozesses: 0x1604 Startzeit der fehlerhaften Anwendung: 0x01cdbd43cb545f57 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 24f8966c-2937-11e2-97ee-dc85de1f5570 Error - 07.11.2012 20:04:51 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*****\Downloads\SoftonicDownloader_for_cmaptools.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 07.11.2012 20:06:50 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary ATKWMIACPI Driver. System Error: Das System kann die angegebene Datei nicht finden. . Error - 07.11.2012 20:15:30 | Computer Name = *****-PC | Source = McLogEvent | ID = 5004 Description = Error - 07.11.2012 21:07:14 | Computer Name = *****-PC | Source = McLogEvent | ID = 5004 Description = Error - 08.11.2012 03:21:31 | Computer Name = *****-PC | Source = McLogEvent | ID = 5004 Description = Error - 08.11.2012 04:21:17 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*****\Downloads\SoftonicDownloader_for_cmaptools.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ System Events ] Error - 07.11.2012 20:02:07 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "McAfee Proxy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 07.11.2012 20:02:07 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "McAfee Anti-Spam Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 07.11.2012 20:03:07 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: mfefire. Dieser Dienst ist eventuell nicht installiert. Error - 07.11.2012 20:15:30 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert. Error - 07.11.2012 21:07:08 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert. Error - 07.11.2012 23:03:06 | Computer Name = *****-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus. Error - 08.11.2012 03:14:19 | Computer Name = *****-PC | Source = DCOM | ID = 10010 Description = Error - 08.11.2012 03:21:31 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert. Error - 08.11.2012 03:23:46 | Computer Name = *****-PC | Source = DCOM | ID = 10010 Description = Error - 08.11.2012 03:23:46 | Computer Name = *****-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 < End of report > [\code] |
14.11.2012, 10:17 | #3 |
/// Helfer-Team | GVU-Trojaner nach Systemwiderherstellung noch aktiv ?1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
__________________ |
14.11.2012, 11:20 | #4 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? hier der malewarbytes scan Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.07.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ***** :: *****-PC [Administrator] Schutz: Aktiviert 08.11.2012 02:12:31 mbam-log-2012-11-08 (02-12-31).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 220374 Laufzeit: 4 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
14.11.2012, 11:31 | #5 |
/// Helfer-Team | GVU-Trojaner nach Systemwiderherstellung noch aktiv ? Downloade Dir bitte AdwCleaner auf deinen Desktop.Schließe alle offenen Programme und Browser.
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
14.11.2012, 18:26 | #6 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? Adw-Cleaner Code:
ATTFilter # AdwCleaner v2.007 - Datei am 14/11/2012 um 13:05:54 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : *****- *****-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v16.0.2 (de) Profilname : default Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a7bnw9bl.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S2].txt - [1817 octets] - [14/11/2012 13:05:54] ########## EOF - C:\AdwCleaner[S2].txt - [1877 octets] ########## Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0 Letztes Update: 14.11.2012 17:31:34 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 14.11.2012 17:31:54 Gescannt 482460 Gefunden 0 Scan Ende: 14.11.2012 18:21:31 Scan Zeit: 0:49:37 |
14.11.2012, 21:04 | #7 |
/// Helfer-Team | GVU-Trojaner nach Systemwiderherstellung noch aktiv ? Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
14.11.2012, 22:24 | #8 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? hey erstmal danke noch für deine super hilfe t`john, aber ich hätte da noch eine frage, soll ich beim scan mit eset nun die internetverbindung bestehen lassen und den browser geöffnet haben und dabei firewall und antivieren programm deaktiviert haben, oder habe ich das jetz falsch verstanden ? |
15.11.2012, 00:36 | #9 | |
/// Helfer-Team | GVU-Trojaner nach Systemwiderherstellung noch aktiv ?Zitat:
Browser kannst du dann zumachen. |
15.11.2012, 03:15 | #10 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? und hier das Log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=93d9ef83f00df74aaf4f4fd1bb1f9949 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-14 09:19:17 # local_time=2012-11-14 10:19:17 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 597571 597571 0 0 # compatibility_mode=5121 16777213 83 75 599648 52548017 0 0 # compatibility_mode=5893 16776574 66 85 572235 104557623 0 0 # compatibility_mode=8192 67108863 100 0 3893 3893 0 0 # scanned=1986 # found=0 # cleaned=0 # scan_time=184 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=93d9ef83f00df74aaf4f4fd1bb1f9949 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-15 02:09:07 # local_time=2012-11-15 03:09:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 609943 609943 0 0 # compatibility_mode=5121 16777213 83 75 612020 52560389 0 0 # compatibility_mode=5893 16776574 66 85 584607 104569995 0 0 # compatibility_mode=8192 67108863 100 0 16265 16265 0 0 # scanned=210500 # found=4 # cleaned=4 # scan_time=5202 C:\Users\*****\Documents\DOCUMENT\Downloads\FreeYouTubeDownload.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\*****\Documents\DOKUMENTE **********!!!\Downloads\FreeYouTubeDownload.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\*****\Downloads\SoftonicDownloader_for_cmaptools.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\DOCUMENT\Downloads\FreeYouTubeDownload.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
15.11.2012, 11:17 | #11 |
/// Helfer-Team | GVU-Trojaner nach Systemwiderherstellung noch aktiv ? Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
16.11.2012, 00:32 | #12 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? erledigt PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 16.0 ist aktuell Flash (11,5,502,110) ist aktuell. Java (1,7,0,9) ist aktuell. Adobe Reader 11,0,0,379 ist aktuell. nach dem abschalten des java plugins PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 16.0 ist aktuell Flash (11,5,502,110) ist aktuell. Java ist Installiert aber nicht aktiviert. Adobe Reader 11,0,0,379 ist aktuell. |
16.11.2012, 23:53 | #13 |
/// Helfer-Team | GVU-Trojaner nach Systemwiderherstellung noch aktiv ? Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
17.11.2012, 14:44 | #14 |
| GVU-Trojaner nach Systemwiderherstellung noch aktiv ? hey vielen dank für die hilfe bin alles durchgegangen bis auf das löschen der registry, weil in der anleitung stand man sollte das bloß nicht machen |
17.11.2012, 16:44 | #15 |
/// Helfer-Team | GVU-Trojaner nach Systemwiderherstellung noch aktiv ? Schoen, dass dir das auffaellt! Ich verlinke die Anleitung, weil man es nicht aus Spass tun soll. Hier ist es aber geboten. |
Themen zu GVU-Trojaner nach Systemwiderherstellung noch aktiv ? |
aktiv, anhang, antivir, ellung, ersteinmal, führte, gvu-trojaner, hoffe, leute, scan, scann, schnell, schonmal, schritt, sicherheit, systemwiderherstellung, werkseinstellungen, wirklich |