Log Analysis and Evaluation: GVU Trojaner (2.07?) Vista 32
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.11.2012, 21:55 | #1
GVU Trojaner (2.07?) Vista 32
Hello everyone, on my Vista 32-bit system one of the user accounts is infected with the GVU trojan. It would be great if you could help me. I have attached the log files from the OTL scan (all users, LOP and Purity check, SafeList for Extra Registry). Many thanks! blue
09.11.2012, 22:02 | #2
/// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32
I have your topic in hand and will get back to you shortly with instructions.
09.11.2012, 22:11 | #3
/// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32
I will help you with your problem. A clean-up can involve a lot of work for you (and me). Before we begin, I have some reading material for you. After looking through the log file I don't see the classic signs of the malware you describe. What happens when you try to log into the infected user account?
09.11.2012, 22:29 | #4
GVU Trojaner (2.07?) Vista 32
--- ...After looking through the log file I don't see the classic signs of the malware you describe. What happens when you try to log into the infected user account? -----
The desktop appears and the taskbar is visible; after a few seconds the GVU lock screen comes up. It looks exactly like GVU 2.07 with webcam, only with a static image in the top right. blue
09.11.2012, 22:33 | #5
/// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32
OK. We need to look at this differently.
Step 1: AdwCleaner: search for and delete adware
Step 2: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
__________________
Digital privateers against malware! No help via PM!
09.11.2012, 23:18 | #6
GVU Trojaner (2.07?) Vista 32
OK, here is the log from AdwCleaner
Code:
# AdwCleaner v2.007 - Logfile created 09/11/2012 at 22:37:11
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : root - LAPTOP
# Boot mode : Normal
# Running from : C:\Users\root\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Users\****\AppData\Local\AskToolbar
Folder Deleted : C:\Users\****\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\****\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\****\AppData\Local\AskToolbar
Folder Deleted : C:\Users\****\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\****\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\root\AppData\Local\AskToolbar
Folder Deleted : C:\Users\root\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\root\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\root\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\root\AppData\Roaming\AD ON Multimedia
Folder Deleted : C:\Users\ttemp\AppData\Local\AskToolbar
Folder Deleted : C:\Users\ttemp\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=audio&s={searchTerms}&f=4 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [7251 octets] - [09/11/2012 22:37:11]

########## EOF - C:\AdwCleaner[S1].txt - [7311 octets] ##########

DDS Logfile:
Code:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by root at 22:54:39 on 2012-11-09
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2037.1143 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: SPYWAREfighter *Disabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Synology\Assistant\UsbClientService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.de
uDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.de
mSearchAssistant = hxxp://www.google.com
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [FreePDF Assistant] "c:\program files\freepdf_xp\fpassist.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [NetFxUpdate_v1.1.4322] "c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
mRun: [LexwareInfoService] c:\program files\common files\lexware\update manager\LxUpdateManager.exe /autostart
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\root\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\motion~1.lnk - c:\program files\panasonic\motionsd studio\sd_browser\AutoLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - c:\users\root\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0472F0CA-6F36-44A9-BFBB-EFB5664E630F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E24FDE4E-5600-4E8B-938B-42DEC3A50CE8} : DHCPNameServer = 192.168.2.1
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: haufereader - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-11 36000]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2008-5-22 25896]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-11 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-11 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-11 83392]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-9 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-9 676936]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 UsbClientService;UsbClientService;c:\program files\synology\assistant\UsbClientService.exe [2011-2-18 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2011-2-18 46304]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-11-23 61096]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-18 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-9 22856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\rtl8187B.sys [2008-5-22 290304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [2010-12-24 10264]
S3 MADFUTRANSIT;Service for M-Audio Transit DFU;c:\windows\system32\drivers\MAudioTransit_DFU.sys [2009-9-2 42248]
S3 MAUSBTRANSIT;Service for M-Audio Transit;c:\windows\system32\drivers\MAudioTransit.sys [2009-9-2 158344]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AV Engine Scanning Service;AV Engine Scanning Service;c:\program files\common files\common toolkit suite\avengine\AVScanningService.exe [2010-12-24 797848]
S4 AV Watch Service;AV Watch Service;c:\program files\common files\common toolkit suite\avengine\AVWatchService.exe [2010-12-24 93328]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-2-18 1527900]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
S4 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-12-24 1141896]
.
=============== Created Last 30 ================
.
2012-11-09 20:56:43 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{afefabbd-88cd-4491-acfa-3d8b63eb8434}\mpengine.dll
2012-11-08 23:36:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-08 23:36:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-06 21:52:21 -------- d-----w- c:\programdata\Norton
2012-11-06 21:52:12 -------- d-----w- c:\users\root\appdata\local\NPE
.
==================== Find3M ====================
.
2012-10-14 14:37:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-14 14:37:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 22:55:46,51 ===============

... and here attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22.05.2008 12:36:21
System Uptime: 09.11.2012 22:40:46 (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 1733/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 7,345 GiB free.
E: is FIXED (NTFS) - 115 GiB total, 81,998 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0015
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #8
PNP Device ID: ROOT\*ISATAP\0015
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0030
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #11
PNP Device ID: ROOT\*ISATAP\0030
Service: tunnel
.
==== System Restore Points ===================
.
RP802: 06.11.2012 07:25:51 - Scheduled Checkpoint
RP803: 06.11.2012 20:18:35 - Windows Update
RP804: 07.11.2012 09:17:58 - Scheduled Checkpoint
RP805: 08.11.2012 01:34:57 - Scheduled Checkpoint
RP806: 09.11.2012 04:24:10 - Scheduled Checkpoint
RP807: 09.11.2012 21:55:56 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.64
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.3.1
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
AkAbak 2.1
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audio Transcoder
Audiolense version 4.4
Avira Free Antivirus
Bonjour
CD/DVD Drive Acoustic Silencer
CDBurnerXP
cMP 1.2
Convolver
cPlay 2.0b34
Cuttermaran 1.70
CyberLink PowerDVD 10
dBpoweramp DSP Effects
dBpoweramp Music Converter
Digelaty 3.01
dm-Fotowelt
dm Digi Foto
DVD MovieFactory for TOSHIBA
EPSON-Drucker-Software
EPSON Copy Utility 3
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESPRX420 Ref. Handbuch
ESPRX420 Softwarehandbuch
Eusing Free Registry Cleaner
Exact Audio Copy 1.0beta2
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
Free YouTube to MP3 Converter version 3.10.15.1228
FreePCB 1.2
FreePDF (Remove only)
Gogo MP3 To CD Burner
Google Earth
Google SketchUp 8
Google Update Helper
Haufe iDesk-Browser
Haufe iDesk-Service
HBX V.6.0.5
HDAUDIO Soft Data Fax Modem with SmartCP
HOLMImpulse
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
In-Tune Multi-Instrument Tuner v1.97
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
InterVideo FilterSDK for Panasonic
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Ken Ward's Zipper 1.4000
Löwenzahn Lexikon
Lexware Info Service
M-Audio Transit Driver 6.0.1 (x86)
MAGIX Digital Foto Maker SE 4.1.0.835 (D)
MAGIX Foto Suite 1.12.0.89 (D)
MAGIX Online Druck Service 2.3.2.0 (D)
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Min Tuner 2.00
MotionSD STUDIO 1.2E
MP3 CD Converter 4.00
MP3 CD Converter Professional 5.03
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.1
MuseScore score typesetter
myphotobook 3.5
NetWaiting
Nitro PDF Professional
Notepad++
Photo Transport
PhotoImpression 5
PhotoRescue Expert PC 2.1.703 Demo
PIF DESIGNER2.1
PuTTY version 0.61
QuickSteuer 2009 DB
QuickSteuer 2010 DB
QuickSteuer 2011 DB
QuickSteuer 2012 DB
QuickSteuer Wissens-Center 2009
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
RedMon - Redirection Port Monitor
RescuePRO 3.4.0.34
ScanToWeb
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SmartMusic 10
SPYWAREfighter
Squeezebox Server 7.5.4
Stellar Phoenix Photo Recovery v3.5
SteuerSparpaket 2008
Synaptics Pointing Device Driver
Synology Assistant (remove only)
TOSHIBA Assist
TOSHIBA Benutzerhandbücher
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Virtual Audio Cable 4.10
Virtual Tuner
Willi wills wissen - SOS Rettung auf See
Windows Media Encoder 9-Reihe
WinSCP 4.3.4
.
==== End Of File ===========================
10.11.2012, 00:35 | #7
/// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32
That's incredible, absolutely nothing to be seen of what it is - or I'm blind. Perhaps a more detailed scan will bring it to light, and please don't obscure the user names unless it's absolutely necessary.
Custom scan with OTL
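The helper's point above is that the DDS log shows no classic sign of the locker, while the reporter says only one user account is affected. A lock screen that hits a single account is commonly started by something scoped to that account (an HKCU Run value or a .lnk in that profile's Startup folder) and stored where that user can write. Added example for this thread, not code from the posts, from DDS or from OTL: a small Python triage script that reads autostart lines in the DDS "Pseudo HJT Report" format shown above, resolves the file each entry actually launches, and flags entries that run from a user-writable location or that carry a Windows binary name outside C:\Windows. The heuristics, the user name alice, the value name KB00123456 and the file runctf.lnk are assumptions constructed for the demonstration; the other sample lines are copied from the DDS log posted in this thread.

```python
"""Triage of DDS-style autostart lines for a per-user lock screen.

Added example for this thread; not code from the original posts, from DDS or
from OTL. Lines are in the format of the DDS 'Pseudo HJT Report' shown in the
thread (uRun:/mRun:/StartupFolder:). Sample lines are partly copied from that
log and partly constructed (marked below).
"""
import re
from dataclasses import dataclass

# Paths a standard user can write to. A locker that affects only one account
# (the situation in this thread) has to start from somewhere that profile can write.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Windows binaries that never legitimately start from outside C:\Windows.
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "csrss.exe", "winlogon.exe", "lsass.exe"}

# 'u' = per-user (HKCU), 'm' = machine-wide (HKLM); StartupFolder carries no prefix.
LINE_RE = re.compile(r"^(?P<key>[um]Run(?:Once)?|StartupFolder):\s*(?P<rest>.+)$", re.I)
NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
TARGET_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|dll|vbs|js|pif))(?:\s|$)", re.I)


@dataclass
class Finding:
    scope: str      # "user" or "machine"
    name: str       # Run value name or .lnk file name
    target: str     # file actually launched
    reasons: list


def launched_file(command: str) -> str:
    """Return the file an autostart command launches, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):           # quoted path, e.g. "c:\...\avgnt.exe" /min
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = TARGET_RE.match(command)          # unquoted path with spaces, e.g. ...\topi.exe -startup
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def scope_of(key: str, lnk_path: str) -> str:
    """Per-user vs. machine-wide: the key prefix decides for Run entries, the
    Startup folder's location (profile vs. c:\\progra~2 / ProgramData) for .lnk entries."""
    if key[0].lower() == "u":
        return "user"
    if key[0].lower() == "m":
        return "machine"
    p = lnk_path.lower()
    return "user" if p.startswith("c:\\users\\") and not p.startswith("c:\\users\\public\\") else "machine"


def triage(lines):
    """Parse autostart lines and return the entries worth a closer look."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key, rest = m.group("key"), m.group("rest")
        if key.lower() == "startupfolder":
            lnk, _, cmd = rest.rpartition(" - ")     # DDS prints "<lnk> - <target>"
            name = lnk.rsplit("\\", 1)[-1]
        else:
            nm = NAME_RE.match(rest)
            if not nm:
                continue
            name, cmd, lnk = nm.group("name"), nm.group("cmd"), ""
        target = launched_file(cmd)
        low = target.lower()
        reasons = []
        if any(tok in low for tok in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_BINARIES and not low.startswith("c:\\windows\\"):
            reasons.append(f"{base} outside the Windows directory")
        if reasons:
            findings.append(Finding(scope_of(key, lnk), name, target, reasons))
    return findings


SAMPLE_LINES = [
    # copied from the DDS log posted in this thread (benign vendor autostarts)
    r"uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe",
    r'mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min',
    r"mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup",
    r"StartupFolder: c:\users\root\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe",
    # constructed for this example, NOT from the thread: what a per-user locker's
    # persistence tends to look like (profile-scoped, user-writable path, fake system name)
    r"uRun: [KB00123456] c:\users\alice\appdata\local\temp\kb00123456.exe",
    r"StartupFolder: c:\users\alice\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\users\alice\appdata\roaming\svchost.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.scope}] {f.name} -> {f.target}: {'; '.join(f.reasons)}")
```

On the four lines copied from the thread the script reports nothing, which matches what the helper saw; the two constructed lines are flagged as per-user entries. The scope column matters in practice: a scan run from a clean account lists that account's HKCU, so the affected profile's Run keys and Startup folder have to be covered explicitly (for example with an all-users scan without company-name whitelisting) before "nothing to see" means anything.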
10.11.2012, 02:14 | #8
GVU Trojaner (2.07?) Vista 32
Hm, OTL.txt is generated, see below; extra.txt is missing, however, my choice of "Extra Registry from SafeList" gets changed back by the quick scan .... Sorry for the name change, unfortunately there is no other way at the moment.
OTL Logfile:
Code:
OTL logfile created on: 10.11.2012 01:50:38 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\root\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,12% Memory free
7,90 Gb Paging File | 6,62 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): c:\pagefile.sys 3055 3055e:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 7,70 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 82,00 Gb Free Space | 71,27% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\root\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Programme\Squeezebox\SqueezeTray.exe (SlimDevices - A Logitech Company)
PRC - C:\Programme\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\23fe5d76b9491fa255db2281ac7687d5\Service.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\b7b4505cb0a127c242f14d779e410e03\POSIX.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\20252d6e001ae3774b425e81ba09b666\Fcntl.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\6a834a555edd63cb8706466e7c1666f2\Hostname.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\f48694173221cfa9bad4275e2389b498\Win32.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\7020d50af327e3fc94b98242c307fc81\Cwd.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\855297e7b4b860331fdbdd53426f5e15\Dumper.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\2076671ee5d0a5323570c92c74abac6f\Process.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\86351894c58e4804ca004825fea78bbb\Encode.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - c:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Programme\Common Files\Adobe\Shell\psicon.dll ()

========== Services (SafeList) ==========

SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b5e8a4c.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) --
C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (SqueezeMySQL) -- C:\Programme\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe () SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (NitroDriverReadSpool) -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software) SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe () SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS) SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe () SRV - (AV Watch Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe () SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (UleadBurningHelper) -- 
C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (MAUSBTZ) -- system32\DRIVERS\mausbts.sys File not found DRV - (MADFU006) -- SYSTEM32\DRIVERS\MADFU006.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV - (AVFSFilter) -- C:\Windows\System32\drivers\avfsfilter.sys () DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (MADFUTRANSIT) -- C:\Windows\System32\drivers\MAudioTransit_DFU.sys (M-Audio) DRV - (MAUSBTRANSIT) -- C:\Windows\System32\drivers\MAudioTransit.sys (Avid Technology, Inc.) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) 
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{35BAA2DF-423D-4F27-B44A-D80F5981FCFF}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes,DefaultScope = {35BAA2DF-423D-4F27-B44A-D80F5981FCFF} IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{35BAA2DF-423D-4F27-B44A-D80F5981FCFF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{7E25F2EB-1E56-4460-8043-AECDA51F9E77}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LL&apn_dtid=YYYYYYYYDE&apn_uid=6541506a-837e-4603-9771-09b5e9926f88&apn_sauid=292C1CD9-4044-4872-9AAE-F456B47A37CF IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) [2011.08.16 18:29:47 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchaudio.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. 
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-837539190-946308511-2959491753-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\ttemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0472F0CA-6F36-44A9-BFBB-EFB5664E630F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E24FDE4E-5600-4E8B-938B-42DEC3A50CE8}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\dssrequest - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\sacore - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: AutorunsDisabled - NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead 
Systems, Inc.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DVSD - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService 
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 01:18:00 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\T-logs [2012.11.09 22:52:57 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\root\Desktop\dds.com [2012.11.09 00:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.09 00:36:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.09 00:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 00:08:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\root\Desktop\OTL.exe [2012.11.06 22:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.11.06 22:52:12 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\NPE [2012.11.06 00:16:56 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\DE-Cleaner powered by Kaspersky1 [2012.11.05 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Apple Computer [2012.10.16 20:12:02 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.10 01:54:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63201445-96D7-497C-9030-2AEDEE9898A8}.job [2012.11.10 01:13:07 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.10 01:13:07 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.10 01:13:07 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.10 01:13:07 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.10 01:12:21 | 000,001,833 | ---- | M] () -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012.11.10 01:08:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 01:08:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 01:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.10 01:07:44 | 2134,896,640 | -HS- | M] () -- C:\hiberfil.sys [2012.11.10 00:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.09 22:53:01 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\root\Desktop\dds.com [2012.11.09 22:35:47 | 000,541,569 | ---- | M] () -- C:\Users\root\Desktop\adwcleaner.exe [2012.11.09 00:37:00 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.08 00:22:35 | 000,302,592 | ---- | M] () -- C:\Users\root\Desktop\uv0zgwrt.exe [2012.11.08 00:03:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\root\Desktop\OTL.exe [2012.11.07 23:41:14 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable [2012.11.07 23:40:31 | 000,050,477 | ---- | M] () -- 
C:\Users\root\Desktop\Defogger.exe [2012.11.06 20:58:17 | 000,001,855 | ---- | M] () -- C:\Users\root\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.11.06 20:58:17 | 000,001,784 | ---- | M] () -- C:\Users\root\Desktop\Avira DE-Cleaner.lnk [2012.10.17 22:15:48 | 000,000,867 | ---- | M] () -- C:\Users\root\Desktop\Eusing Free Registry Cleaner.lnk [2012.10.16 20:12:07 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.09 22:35:45 | 000,541,569 | ---- | C] () -- C:\Users\root\Desktop\adwcleaner.exe [2012.11.09 00:37:00 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.08 23:06:51 | 2134,896,640 | -HS- | C] () -- C:\hiberfil.sys [2012.11.08 00:22:34 | 000,302,592 | ---- | C] () -- C:\Users\root\Desktop\uv0zgwrt.exe [2012.11.07 23:41:14 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable [2012.11.07 23:40:30 | 000,050,477 | ---- | C] () -- C:\Users\root\Desktop\Defogger.exe [2012.10.16 20:12:07 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012.10.14 15:37:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.02.07 22:53:13 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2012.02.07 22:53:13 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin [2012.02.07 22:53:13 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2011.12.09 00:36:41 | 000,000,680 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat [2011.10.19 20:10:12 | 000,000,092 | ---- | C] () -- C:\Users\root\AppData\Local\fusioncache.dat [2011.08.31 20:43:22 | 000,013,076 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat [2011.08.17 17:08:35 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd [2011.08.17 15:18:24 | 004,022,504 | ---- | C] () -- 
C:\Windows\System32\SpoonUninstall.exe [2011.08.17 15:18:24 | 000,017,944 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat [2011.05.20 22:15:25 | 000,000,144 | ---- | C] () -- C:\ProgramData\~44031736r [2011.05.20 22:15:25 | 000,000,120 | ---- | C] () -- C:\ProgramData\~44031736 [2011.05.20 22:15:20 | 000,000,344 | ---- | C] () -- C:\ProgramData\44031736 [2011.03.20 18:46:56 | 000,000,039 | -H-- | C] () -- C:\Windows\System32\spfid.bin [2011.03.20 18:46:56 | 000,000,039 | -H-- | C] () -- C:\Windows\spfid.bin [2010.12.24 13:45:10 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys [2010.06.20 17:46:41 | 000,000,008 | ---- | C] () -- C:\ProgramData\SDGLYBMPWPP.SYS [2010.06.02 23:04:58 | 000,000,881 | ---- | C] () -- C:\Users\root\rescuepro34act.lic [2010.06.02 23:04:58 | 000,000,051 | ---- | C] () -- C:\Users\root\rescuepro.properties [2009.06.15 21:56:47 | 000,003,584 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 
000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.20 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dBpoweramp [2011.09.13 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations [2008.07.26 19:14:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EPSON [2011.01.19 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fighters [2009.09.24 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Haufe [2011.10.19 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imaxel [2009.09.18 08:14:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware [2012.02.13 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MusE [2009.09.24 19:47:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\myphotobook [2012.11.08 10:26:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF [2010.09.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BonkEnc [2011.11.22 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2012.06.25 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cuttermaran [2011.08.17 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dBpoweramp [2012.02.12 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2011.08.17 12:52:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EAC [2011.01.18 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fighters [2009.02.01 23:46:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\foobar2000 [2011.06.29 18:25:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Gynayw [2011.09.07 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Haufe [2010.11.13 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HOLM Acoustics 
[2011.10.19 20:11:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imaxel [2011.11.22 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn [2009.09.17 21:52:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware [2010.12.23 11:21:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAGIX [2011.09.21 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF [2011.10.29 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++ [2008.08.31 10:58:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Smart Panel [2009.02.25 22:52:24 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\TolvanData [2011.11.22 22:44:21 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Toshiba [2010.11.21 11:46:53 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Ulead Systems [2012.02.12 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoft [2012.02.12 20:33:14 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.16 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\EAC [2011.01.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Fighters [2011.09.07 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\FreePDF [2011.10.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Imaxel [2010.05.08 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Lexware [2012.02.12 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MusE [2011.10.16 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++ [2008.05.22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Toshiba [2012.11.09 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\ttemp\AppData\Roaming\Lexware ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.11.08 23:28:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.07.25 20:38:21 | 000,000,000 | -H-D | M] -- C:\AkAbak [2008.02.18 15:42:38 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.08.04 22:28:26 | 000,000,000 | -H-D | M] -- C:\DVDWriter_Temp [2011.09.07 21:43:26 | 000,000,000 | ---D | M] -- C:\FreePDF [2008.02.18 16:10:59 | 000,000,000 | -H-D | M] -- C:\Intel [2011.11.01 18:20:39 | 000,000,000 | ---D | M] -- C:\Octave [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.09 22:37:12 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.06 22:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\Programme [2009.07.07 20:31:46 | 000,000,000 | -H-D | M] -- C:\PSFONTS [2012.11.10 01:52:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.26 18:29:42 | 000,000,000 | ---D | M] -- C:\Terzio [2008.05.22 12:02:40 | 000,000,000 | -H-D | M] -- C:\Toshiba [2011.08.30 15:33:49 | 000,000,000 | ---D | M] -- C:\updates [2012.11.08 23:26:06 | 000,000,000 | R--D | M] -- C:\Users [2012.11.06 22:56:22 | 000,000,000 | ---D | M] -- C:\Windows < %SYSTEMDRIVE%\*.* > [2012.11.09 22:37:18 | 000,007,380 | ---- | M] () -- C:\AdwCleaner[S1].txt [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008.01.21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2008.02.18 15:42:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2012.11.10 01:07:44 | 2134,896,640 | -HS- | M] () -- C:\hiberfil.sys [2011.12.26 18:29:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.12.26 18:29:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.11.10 01:07:38 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys [2008.02.18 16:22:22 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log 
[2008.02.22 16:15:58 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT [2008.02.22 10:15:13 | 000,025,976 | ---- | M] () -- C:\_wdsuef.dmp < %PROGRAMFILES%\*.exe > Invalid Environment Variable: PROGRAMFILES(X86) < %systemroot%\*. /mp /s > < %windir%\installer\*. /10 > < %appdata%\*. > [2011.08.16 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\AccurateRip [2008.07.12 09:12:32 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Adobe [2012.11.05 23:58:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Apple Computer [2008.07.12 10:05:41 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\ArcSoft [2011.10.11 09:29:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Avira [2012.02.12 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoft [2012.02.12 20:33:14 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.16 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\EAC [2011.01.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Fighters [2011.09.07 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\FreePDF [2008.05.22 13:51:31 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Google [2008.10.12 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Help [2008.05.22 12:01:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Identities [2011.10.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Imaxel [2008.05.22 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\InstallShield [2010.05.08 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Lexware [2009.01.24 21:28:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Macromedia [2011.05.20 23:50:35 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Media Center 
Programs [2009.07.07 21:07:42 | 000,000,000 | --SD | M] -- C:\Users\root\AppData\Roaming\Microsoft [2008.05.22 12:10:58 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Microsoft Web Folders [2012.02.12 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MusE [2011.10.16 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++ [2008.05.22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Toshiba < %appdata%\*.* > [2011.08.17 17:08:49 | 000,000,600 | ---- | M] () -- C:\Users\root\AppData\Roaming\winscp.rnd < %appdata%\*.exe /s > [2009.09.17 21:29:38 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\root\AppData\Roaming\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe < %localappdata%\*. > [2011.10.01 11:22:28 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Adobe [2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Anwendungsdaten [2012.08.09 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Apple [2011.10.19 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\ApplicationHistory [2008.05.22 12:01:25 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\BVRP Software [2012.04.09 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\furnplan [2012.10.17 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Google [2008.10.12 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Help [2012.08.05 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Lexware [2012.03.08 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Microsoft [2012.02.12 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\MusE [2012.11.06 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\NPE [2011.01.18 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\PackageAware [2011.10.01 11:08:39 | 000,000,000 | ---D | M] -- 
C:\Users\root\AppData\Local\Secunia PSI [2012.11.10 01:50:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Temp [2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Temporary Internet Files [2008.05.22 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Toshiba [2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Verlauf [2009.07.07 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\VirtualStore < %localappdata%\*.* > [2011.12.09 00:36:41 | 000,000,680 | ---- | M] () -- C:\Users\root\AppData\Local\d3d9caps.dat [2009.06.15 22:26:13 | 000,003,584 | ---- | M] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.19 20:10:12 | 000,000,092 | ---- | M] () -- C:\Users\root\AppData\Local\fusioncache.dat [2010.05.08 13:17:46 | 000,073,680 | ---- | M] () -- C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT [2012.11.10 00:35:59 | 003,894,551 | -H-- | M] () -- C:\Users\root\AppData\Local\IconCache.db < %localappdata%\*.exe /s > [2012.11.06 20:58:15 | 000,883,840 | ---- | M] () -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IG86M1V\Avira-DE-Cleaner[1].exe [2012.10.17 22:15:29 | 000,979,058 | ---- | M] () -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRJQYYDC\EFRCSetup[1].exe [2012.11.06 00:16:21 | 137,922,416 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLUGJRVG\setup_9.0.0.722_05.11.2012_06-07[1].exe [2012.11.06 22:52:05 | 006,161,912 | ---- | M] (Symantec Corporation) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZGMUY86\de_cleaner[1].exe [2012.11.06 00:16:22 | 137,922,416 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQ00LQJW\setup_9.0.0.722_05.11.2012_06-07[1].exe [2009.10.25 20:29:22 | 000,006,656 | ---- | M] () -- 
C:\Users\root\AppData\Local\Temp\cpufeature.exe [2011.10.19 20:08:20 | 024,277,024 | ---- | M] (Microsoft) -- C:\Users\root\AppData\Local\Temp\dotnetfx.exe [2010.07.27 23:17:00 | 002,820,608 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\root\AppData\Local\Temp\InstallAX.exe [2012.10.17 22:14:21 | 004,031,184 | ---- | M] (Ask) -- C:\Users\root\AppData\Local\Temp\setup.exe [2011.07.10 02:07:58 | 000,118,784 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\xmlUpdater.exe [2007.04.05 14:39:32 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_is3F7.exe [2008.01.22 17:04:28 | 000,455,976 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_isA929.exe [2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_isE021.exe [55 C:\Users\root\AppData\Local\Temp\*.tmp files -> C:\Users\root\AppData\Local\Temp\*.tmp -> ] [2011.09.19 17:38:26 | 001,207,296 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\GoogleEarth.exe [2011.09.19 17:16:55 | 000,050,688 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe [2011.09.19 17:16:48 | 000,071,680 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe [2011.09.19 17:17:12 | 000,293,888 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe [2011.09.19 17:16:48 | 000,071,680 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe [2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\DVDWriter\setup.exe [1999.11.03 10:53:40 | 000,036,099 | ---- | M] (InstallShield Software Corporation) -- 
C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\IVI\Setup.exe [2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\VRWriter\setup.exe [2012.11.06 00:27:20 | 000,245,968 | ---- | M] (Ask) -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe [2012.11.06 00:27:20 | 000,176,128 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe [2012.11.06 00:27:20 | 000,042,880 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe [2011.10.20 20:42:09 | 000,735,752 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\Users\root\AppData\Local\Temp\55c42e8b-6f7f-4342-b621-bb138d48a3c7\InstallShieldUninstaller.exe [2011.12.05 14:51:00 | 000,466,272 | ---- | M] (D+H Software GmbH ) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\FurnplanSetup.exe [2011.12.06 16:16:38 | 000,138,752 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\data\tools\Zip.exe [2011.10.11 10:55:10 | 000,684,544 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\FP_Updater.exe [2011.08.23 14:09:06 | 000,528,896 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\OpusUpdater.exe [2011.08.30 12:08:36 | 000,222,208 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\Settings.exe [2011.07.07 07:44:18 | 000,147,968 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\data\Md5Creator.exe [2011.10.21 22:24:04 | 000,735,752 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\Users\root\AppData\Local\Temp\d47fb7b9-2636-4475-b29c-269ca3f78357\InstallShieldUninstaller.exe 
[2011.02.17 09:30:23 | 000,299,688 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\avwebloader.exe [2011.02.25 14:51:51 | 000,059,560 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\DE-Cleaner-Install.exe [2011.08.02 19:56:58 | 000,066,216 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\Avira-DE-Cleaner-starten.exe [2011.08.02 19:56:59 | 000,514,216 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe [2011.08.02 19:57:02 | 001,962,152 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\decleaner.exe [2010.11.16 18:08:40 | 000,098,304 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Temp\Imaxel\iDeskOrderImporter.exe [2010.11.19 12:01:42 | 000,028,672 | ---- | M] (Imaxel Labs S.L) -- C:\Users\root\AppData\Local\Temp\Imaxel\ImaxelLauncher.exe [2010.09.20 12:04:46 | 000,016,384 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Temp\Imaxel\NTFSFP.exe [2011.11.22 18:05:25 | 000,258,048 | ---- | M] (OCS) -- C:\Users\root\AppData\Local\Temp\OCS\ocs_v5c.exe [2011.11.22 18:06:03 | 011,422,040 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\root\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\631a21e7e3ea4d60c27b0646a837ac79\FreeDiscBurner.exe [2011.09.23 16:26:37 | 000,234,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Users\root\AppData\Local\Temp\RarSFX0\avwebloader.exe < %allusersprofile%\*. 
> [2012.09.23 21:29:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2012.08.09 21:29:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple [2012.08.09 21:30:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012.01.08 16:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira [2008.10.13 20:33:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\BTrieve [2011.11.22 20:49:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited [2011.09.29 12:30:35 | 000,000,000 | -H-D | M] -- C:\ProgramData\clp [2011.01.18 23:20:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Toolkit Suite [2011.10.01 20:41:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink [2012.08.05 18:28:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\DATA BECKER [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011.01.18 23:20:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Fighters [2011.02.23 11:09:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\FreePDF [2012.03.18 08:51:54 | 000,000,000 | ---D | M] -- C:\ProgramData\gema [2012.10.17 22:16:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\Google [2008.10.13 20:22:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\Haufe [2012.08.17 19:14:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\HOLM Acoustics [2011.10.19 22:08:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\hps [2011.10.15 23:05:23 | 000,000,000 | ---D | M] -- C:\ProgramData\InguzEQ [2012.11.07 07:39:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab [2010.11.30 19:24:40 | 000,000,000 | -H-D | 
M] -- C:\ProgramData\Lexware [2008.02.18 16:59:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\MAGIX [2009.07.07 20:33:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\MakeMusic [2011.05.20 23:50:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2011.10.11 19:23:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\McAfee [2011.08.30 22:03:44 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2011.09.13 14:25:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF [2012.11.06 22:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton [2008.06.27 23:30:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\Panasonic [2011.09.03 22:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Squeezebox [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011.10.01 10:38:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2011.08.15 10:39:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Synology [2010.10.06 20:05:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\TEMP [2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011.10.23 20:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2008.02.22 10:17:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\TOSHIBA [2008.05.22 11:54:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\ToshibaEurope [2008.07.12 09:55:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\UDL [2008.02.18 16:43:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\Ulead Systems [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011.05.21 00:57:05 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2012.11.03 21:13:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\WinZip [2012.08.09 21:32:22 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.01.18 23:21:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404} < %allusersprofile%\*.* > [2011.05.20 22:15:20 | 000,000,344 
| ---- | M] () -- C:\ProgramData\44031736 [2010.06.20 17:46:46 | 000,000,008 | ---- | M] () -- C:\ProgramData\SDGLYBMPWPP.SYS [2011.05.20 22:15:25 | 000,000,120 | ---- | M] () -- C:\ProgramData\~44031736 [2011.05.20 22:15:25 | 000,000,144 | ---- | M] () -- C:\ProgramData\~44031736r < %allusersprofile%\*.exe /s > [2009.02.04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe [2010.12.24 14:02:16 | 003,129,968 | ---- | M] (SPAMfighter ApS ) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\SPYWAREfighter.exe [2010.12.24 14:01:26 | 000,706,696 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\1B2BFE9\40374F81\FighterLauncher.exe [2010.12.24 14:01:21 | 000,983,688 | ---- | M] (SPAMfighter) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\6ED4E8D4\18732F2A\swproTray.exe [2010.12.24 13:45:07 | 000,093,328 | ---- | M] (Preventon Technologies Limited) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\79D5CCD5\CB4D3653\AVWatchService.exe [2010.12.24 14:01:30 | 000,993,928 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\7B4591B7\40374F81\MsgSys.exe [2010.12.24 13:45:07 | 000,797,848 | ---- | M] (Preventon Technologies Limited) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\B510A09A\CB4D3653\AVScanningService.exe [2010.12.24 14:01:28 | 001,141,896 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DB5AB443\40374F81\FighterSuiteService.exe [2012.06.07 22:19:04 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.6.3.25\SetupAdmin.exe [2012.09.10 22:10:19 | 000,613,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe [2012.05.15 20:31:29 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe [2011.07.05 23:46:52 | 006,522,744 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\Fighters\SPYWAREfighter\setup.exe [2012.10.17 22:14:23 | 000,530,464 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2011.10.19 10:10:56 | 001,562,136 | ---- | M] () -- C:\ProgramData\hps\1320\setup_dm_Fotowelt.exe [2008.01.21 14:28:50 | 009,660,432 | -H-- | M] () -- C:\ProgramData\Lexware\Update Manager\Konfiguration\DATABECKER\AKT3B\setup.exe [2008.02.07 19:51:46 | 000,078,568 | ---- | M] (MakeMusic) -- C:\ProgramData\MakeMusic\UninstallSmartMusic10.exe [2012.10.21 20:16:55 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [2008.09.08 09:38:38 | 000,069,632 | ---- | M] () -- C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\WaveInput\Bin\wavin2cmd.exe [2011.09.03 22:11:11 | 050,667,105 | ---- | M] (Logitech ) -- C:\ProgramData\Squeezebox\Cache\updates\SqueezeboxServer-7.6.1.exe [2011.10.01 20:40:43 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83 < End of report > [/CODE] |
10.11.2012, 10:56 | #9 | |
/// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32 OK, let's try it this way. Please report whether the account works again. Fix with OTL
__________________ Digital privateers against malware! No help via PM! |
10.11.2012, 11:37 | #10 |
| GVU Trojaner (2.07?) Vista 32 Thanks in advance for your help ... ...here is the result of the OTL fix. After the restart I logged in to the infected account; unfortunately the trojan was still there... Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7E25F2EB-1E56-4460-8043-AECDA51F9E77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E25F2EB-1E56-4460-8043-AECDA51F9E77}\ not found.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\NPE folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\Users\root\AppData\Local\NPE folder moved successfully.
Folder C:\Users\root\AppData\Local\NPE\ not found.
Folder C:\ProgramData\Norton\ not found.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\ProgramData\TEMP:7631EA83 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ****
->Temp folder emptied: 315468677 bytes
->Temporary Internet Files folder emptied: 355654507 bytes
->Java cache emptied: 908372 bytes
->Flash cache emptied: 28955 bytes
User: *****
->Temp folder emptied: 673320067 bytes
->Temporary Internet Files folder emptied: 431959655 bytes
->Java cache emptied: 2456249 bytes
->Google Chrome cache emptied: 261587681 bytes
->Flash cache emptied: 506 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: root
->Temp folder emptied: 371610296 bytes
->Temporary Internet Files folder emptied: 425081989 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1691 bytes
User: ******
->Temp folder emptied: 1813246 bytes
->Temporary Internet Files folder emptied: 49088777 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65728276 bytes
RecycleBin emptied: 133236 bytes
Total Files Cleaned = 2.818,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11102012_110845
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
10.11.2012, 11:39 | #11 | ||
/// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32 Grrr! Then it's time for the big gun ... Scan with Combofix
__________________ Digital privateers against malware! No help via PM! |
10.11.2012, 13:34 | #12 |
| GVU Trojaner (2.07?) Vista 32 ....Light on the horizon (?): the first run of Combofix ended (at some point) with a bluescreen and no logfile. I then ran Combofix again, logfile see below. After a restart, the trojan no longer appears in the user account. Code:
Combofix Logfile: |
10.11.2012, 13:37 | #13
/// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32
Yes, that was a new variant for me. All right, then we continue like this: we still need to run a few checks.
Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Step 3: Java update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Step 4: Scan with SecurityCheck
Please download SecurityCheck
__________________
Digital privateers against malware! No help via PM!
10.11.2012, 16:03 | #14
GVU Trojaner (2.07?) Vista 32
... here is the result of step 1 for now: Quick scan with Malwarebytes
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
root :: LAPTOP [administrator]

10.11.2012 15:07:46
mbam-log-2012-11-10 (15-07-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 269845
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Result of step 2: ESET Online Scanner: 2 detections
Code:
C:\Qoobox\Quarantine\C\Users\****\ocurtajuchwufblqcu.exe.vir a variant of Win32/Injector.YQM trojan
C:\Users\****\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application

sorry for attaching this several times .... it was actually meant to be a new post....
11.11.2012, 16:07 | #15
GVU Trojaner (2.07?) Vista 32
..... so, here is the summary:
Step 1: Quick scan with Malwarebytes: no detections (see above)
Step 2: ESET Online Scanner: 2 detections
Code:
C:\Qoobox\Quarantine\C\Users\****\ocurtajuchwufblqcu.exe.vir a variant of Win32/Injector.YQM trojan
C:\Users\****\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application

Step 3: JAVA 7 update 9 installed
Step 4: Scan with Security Check
Code:
Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 1 x86
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SPYWAREfighter
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware version 1.65.1.1000
Eusing Free Registry Cleaner
Java 7 Update 9
Adobe Reader 8
Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
TOSHIBA Toshiba Online Product Information TOPI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Edited by blue7667 (11.11.2012 at 16:14) Reason: parts added