| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner (2.07?) Vista 32Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.11.2012, 21:55
| #1 |
 |  GVU Trojaner (2.07?) Vista 32 Hallo zusammen, auf meinem VISTA 32 Bit System ist eines der Nutzerkonten vom GVU Trojaner befallen. Es wäre toll, wenn ihr mir helfen könntet. Habe die Log Files aus dem OTL Scan angehängt (All users, LOP und Purity Prüfung, SafeList für Extra Registrierung). Vielen Dank ! blue |
|
09.11.2012, 22:02
| #2 |
| /// TB-Ausbilder  | GVU Trojaner (2.07?) Vista 32 Ich habe dein Thema in Arbeit und melde mich in Kürze mit Anweisungen.
__________________ |
|
09.11.2012, 22:11
| #3 | |
| /// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Nach Durchsicht des Logfiles sehe ich nicht die klassischen Anzeichen des von dir beschriebenen Schädlings. Was passiert denn, wenn du das infizierte Benutzerkonto einloggen willst?
__________________ |
|
09.11.2012, 22:29
| #4 |
| | GVU Trojaner (2.07?) Vista 32 --- ...Nach Durchsicht des Logfiles sehe ich nicht die klassischen Anzeichen des von dir beschriebenen Schädlings. Was passiert denn, wenn du das infizierte Benutzerkonto einloggen willst? ----- Desktop erscheint und Taskbar ist sichtbar, nach wenigen Sekunden kommt der GVU Lock Screen. Sieht genauso aus wie der GVU 2.07 mit Webcam nur mit einem statischen Bild rechts oben. blue |
|
09.11.2012, 22:33
| #5 |
| /// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32 Ok. Wir müssen uns das mal anders ansehen. Schritt 1: AdwCleaner: Werbeprogramme suchen und löschen Schritt 2: Scan mit DDS (+ attach) Downloade dir bitte DDS (von sUBs) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
09.11.2012, 23:18
| #6 |
| | GVU Trojaner (2.07?) Vista 32 o.k. hier das log aus dem AdwCleaner Code:
ATTFilter # AdwCleaner v2.007 - Datei am 09/11/2012 um 22:37:11 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : root - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\root\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Complitly
Ordner Gelöscht : C:\Users\****\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\****\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\root\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\root\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\root\AppData\Roaming\AD ON Multimedia
Ordner Gelöscht : C:\Users\ttemp\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\ttemp\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19088
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com/?si=10197&home=1 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=audio&s={searchTerms}&f=4 --> hxxp://www.google.com
*************************
AdwCleaner[S1].txt - [7251 octets] - [09/11/2012 22:37:11]
########## EOF - C:\AdwCleaner[S1].txt - [7311 octets] ##########
DDS Logfile: DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by root at 22:54:39 on 2012-11-09
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2037.1143 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: SPYWAREfighter *Disabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Synology\Assistant\UsbClientService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.de
uDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.de
mSearchAssistant = hxxp://www.google.com
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [FreePDF Assistant] "c:\program files\freepdf_xp\fpassist.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [NetFxUpdate_v1.1.4322] "c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
mRun: [LexwareInfoService] c:\program files\common files\lexware\update manager\LxUpdateManager.exe /autostart
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\root\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\motion~1.lnk - c:\program files\panasonic\motionsd studio\sd_browser\AutoLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - c:\users\root\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0472F0CA-6F36-44A9-BFBB-EFB5664E630F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E24FDE4E-5600-4E8B-938B-42DEC3A50CE8} : DHCPNameServer = 192.168.2.1
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: haufereader - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-11 36000]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2008-5-22 25896]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-11 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-11 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-11 83392]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-9 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-9 676936]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 UsbClientService;UsbClientService;c:\program files\synology\assistant\UsbClientService.exe [2011-2-18 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2011-2-18 46304]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-11-23 61096]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-18 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-9 22856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\rtl8187B.sys [2008-5-22 290304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [2010-12-24 10264]
S3 MADFUTRANSIT;Service for M-Audio Transit DFU;c:\windows\system32\drivers\MAudioTransit_DFU.sys [2009-9-2 42248]
S3 MAUSBTRANSIT;Service for M-Audio Transit;c:\windows\system32\drivers\MAudioTransit.sys [2009-9-2 158344]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AV Engine Scanning Service;AV Engine Scanning Service;c:\program files\common files\common toolkit suite\avengine\AVScanningService.exe [2010-12-24 797848]
S4 AV Watch Service;AV Watch Service;c:\program files\common files\common toolkit suite\avengine\AVWatchService.exe [2010-12-24 93328]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-2-18 1527900]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
S4 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-12-24 1141896]
.
=============== Created Last 30 ================
.
2012-11-09 20:56:43 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{afefabbd-88cd-4491-acfa-3d8b63eb8434}\mpengine.dll
2012-11-08 23:36:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-08 23:36:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-06 21:52:21 -------- d-----w- c:\programdata\Norton
2012-11-06 21:52:12 -------- d-----w- c:\users\root\appdata\local\NPE
.
==================== Find3M ====================
.
2012-10-14 14:37:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-14 14:37:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 22:55:46,51 ===============
--- --- --- ...und hier attach.txt Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22.05.2008 12:36:21
System Uptime: 09.11.2012 22:40:46 (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 1733/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 7,345 GiB free.
E: is FIXED (NTFS) - 115 GiB total, 81,998 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0015
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #8
PNP Device ID: ROOT\*ISATAP\0015
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0030
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #11
PNP Device ID: ROOT\*ISATAP\0030
Service: tunnel
.
==== System Restore Points ===================
.
RP802: 06.11.2012 07:25:51 - Geplanter Prüfpunkt
RP803: 06.11.2012 20:18:35 - Windows Update
RP804: 07.11.2012 09:17:58 - Geplanter Prüfpunkt
RP805: 08.11.2012 01:34:57 - Geplanter Prüfpunkt
RP806: 09.11.2012 04:24:10 - Geplanter Prüfpunkt
RP807: 09.11.2012 21:55:56 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.64
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.3.1
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
AkAbak 2.1
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audio Transcoder
Audiolense version 4.4
Avira Free Antivirus
Bonjour
CD/DVD Drive Acoustic Silencer
CDBurnerXP
cMP 1.2
Convolver
cPlay 2.0b34
Cuttermaran 1.70
CyberLink PowerDVD 10
dBpoweramp DSP Effects
dBpoweramp Music Converter
Digelaty 3.01
dm-Fotowelt
dm Digi Foto
DVD MovieFactory for TOSHIBA
EPSON-Drucker-Software
EPSON Copy Utility 3
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESPRX420 Ref. Handbuch
ESPRX420 Softwarehandbuch
Eusing Free Registry Cleaner
Exact Audio Copy 1.0beta2
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
Free YouTube to MP3 Converter version 3.10.15.1228
FreePCB 1.2
FreePDF (Remove only)
Gogo MP3 To CD Burner
Google Earth
Google SketchUp 8
Google Update Helper
Haufe iDesk-Browser
Haufe iDesk-Service
HBX V.6.0.5
HDAUDIO Soft Data Fax Modem with SmartCP
HOLMImpulse
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
In-Tune Multi-Instrument Tuner v1.97
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
InterVideo FilterSDK for Panasonic
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Ken Ward's Zipper 1.4000
Löwenzahn Lexikon
Lexware Info Service
M-Audio Transit Driver 6.0.1 (x86)
MAGIX Digital Foto Maker SE 4.1.0.835 (D)
MAGIX Foto Suite 1.12.0.89 (D)
MAGIX Online Druck Service 2.3.2.0 (D)
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Min Tuner 2.00
MotionSD STUDIO 1.2E
MP3 CD Converter 4.00
MP3 CD Converter Professional 5.03
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.1 MuseScore score typesetter
myphotobook 3.5
NetWaiting
Nitro PDF Professional
Notepad++
Photo Transport
PhotoImpression 5
PhotoRescue Expert PC 2.1.703 Demo
PIF DESIGNER2.1
PuTTY version 0.61
QuickSteuer 2009 DB
QuickSteuer 2010 DB
QuickSteuer 2011 DB
QuickSteuer 2012 DB
QuickSteuer Wissens-Center 2009
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
RedMon - Redirection Port Monitor
RescuePRO 3.4.0.34
ScanToWeb
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SmartMusic 10
SPYWAREfighter
Squeezebox Server 7.5.4
Stellar Phoenix Photo Recovery v3.5
SteuerSparpaket 2008
Synaptics Pointing Device Driver
Synology Assistant (remove only)
TOSHIBA Assist
TOSHIBA Benutzerhandbücher
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Virtual Audio Cable 4.10
Virtual Tuner
Willi wills wissen - SOS Rettung auf See
Windows Media Encoder 9-Reihe
WinSCP 4.3.4
.
==== End Of File ===========================
|
|
10.11.2012, 00:35
| #7 |
| /// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32 Das ist der Hammer, absolut nichts zu sehen, was es ist - oder ich bin blind. Evtl bringt ein genauerer Scan das zum Vorschein und mache bitte die Benutzernamen nicht unkenntlich, wenns nicht unbedingt sein muss. Customscan mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
10.11.2012, 02:14
| #8 |
| | GVU Trojaner (2.07?) Vista 32 hm, OTL.txt wird erzeugt, s.u. extra.txt fehlt allerdings, meine Wahl "extra Registrierung aus SafeList" wird durch den quick scan wieder geändert .... Sorry für die Namensänderung, geht leider im Moment nicht anders. OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.11.2012 01:50:38 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\root\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,12% Memory free 7,90 Gb Paging File | 6,62 Gb Available in Paging File | 83,76% Paging File free Paging file location(s): c:\pagefile.sys 3055 3055e:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,37 Gb Total Space | 7,70 Gb Free Space | 6,61% Space Free | Partition Type: NTFS Drive E: | 115,05 Gb Total Space | 82,00 Gb Free Space | 71,27% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: root | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\root\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Programme\Squeezebox\SqueezeTray.exe (SlimDevices - A Logitech Company) PRC - C:\Programme\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe () PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Synology\Assistant\UsbClientService.exe () PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\23fe5d76b9491fa255db2281ac7687d5\Service.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\b7b4505cb0a127c242f14d779e410e03\POSIX.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\20252d6e001ae3774b425e81ba09b666\Fcntl.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\6a834a555edd63cb8706466e7c1666f2\Hostname.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\f48694173221cfa9bad4275e2389b498\Win32.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\7020d50af327e3fc94b98242c307fc81\Cwd.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\855297e7b4b860331fdbdd53426f5e15\Dumper.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\2076671ee5d0a5323570c92c74abac6f\Process.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\86351894c58e4804ca004825fea78bbb\Encode.dll () MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Notepad++\NppShell_04.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll () MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll () MOD - C:\Programme\TOSHIBA\FlashCards\BlackPng.dll () MOD - C:\Windows\System32\igfxTMM.dll () MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll () MOD - c:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll () MOD - C:\Programme\Common Files\Adobe\Shell\psicon.dll () ========== Services (SafeList) ========== SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b5e8a4c.dll () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (SqueezeMySQL) -- C:\Programme\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe () SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (NitroDriverReadSpool) -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software) SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe () SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS) SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe () SRV - (AV Watch Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe () SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (MAUSBTZ) -- system32\DRIVERS\mausbts.sys File not found DRV - (MADFU006) -- SYSTEM32\DRIVERS\MADFU006.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV - (AVFSFilter) -- C:\Windows\System32\drivers\avfsfilter.sys () DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (MADFUTRANSIT) -- C:\Windows\System32\drivers\MAudioTransit_DFU.sys (M-Audio) DRV - (MAUSBTRANSIT) -- C:\Windows\System32\drivers\MAudioTransit.sys (Avid Technology, Inc.) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{35BAA2DF-423D-4F27-B44A-D80F5981FCFF}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes,DefaultScope = {35BAA2DF-423D-4F27-B44A-D80F5981FCFF} IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{35BAA2DF-423D-4F27-B44A-D80F5981FCFF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{7E25F2EB-1E56-4460-8043-AECDA51F9E77}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LL&apn_dtid=YYYYYYYYDE&apn_uid=6541506a-837e-4603-9771-09b5e9926f88&apn_sauid=292C1CD9-4044-4872-9AAE-F456B47A37CF IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) [2011.08.16 18:29:47 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchaudio.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-837539190-946308511-2959491753-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\ttemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0472F0CA-6F36-44A9-BFBB-EFB5664E630F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E24FDE4E-5600-4E8B-938B-42DEC3A50CE8}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\dssrequest - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\sacore - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: AutorunsDisabled - NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DVSD - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 01:18:00 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\T-logs [2012.11.09 22:52:57 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\root\Desktop\dds.com [2012.11.09 00:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.09 00:36:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.09 00:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 00:08:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\root\Desktop\OTL.exe [2012.11.06 22:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.11.06 22:52:12 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\NPE [2012.11.06 00:16:56 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\DE-Cleaner powered by Kaspersky1 [2012.11.05 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Apple Computer [2012.10.16 20:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.10 01:54:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63201445-96D7-497C-9030-2AEDEE9898A8}.job [2012.11.10 01:13:07 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.10 01:13:07 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.10 01:13:07 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.10 01:13:07 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.10 01:12:21 | 000,001,833 | ---- | M] () -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012.11.10 01:08:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 01:08:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 01:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.10 01:07:44 | 2134,896,640 | -HS- | M] () -- C:\hiberfil.sys [2012.11.10 00:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.09 22:53:01 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\root\Desktop\dds.com [2012.11.09 22:35:47 | 000,541,569 | ---- | M] () -- C:\Users\root\Desktop\adwcleaner.exe [2012.11.09 00:37:00 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.08 00:22:35 | 000,302,592 | ---- | M] () -- C:\Users\root\Desktop\uv0zgwrt.exe [2012.11.08 00:03:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\root\Desktop\OTL.exe [2012.11.07 23:41:14 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable [2012.11.07 23:40:31 | 000,050,477 | ---- | M] () -- C:\Users\root\Desktop\Defogger.exe [2012.11.06 20:58:17 | 000,001,855 | ---- | M] () -- C:\Users\root\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.11.06 20:58:17 | 000,001,784 | ---- | M] () -- C:\Users\root\Desktop\Avira DE-Cleaner.lnk [2012.10.17 22:15:48 | 000,000,867 | ---- | M] () -- C:\Users\root\Desktop\Eusing Free Registry Cleaner.lnk [2012.10.16 20:12:07 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.09 22:35:45 | 000,541,569 | ---- | C] () -- C:\Users\root\Desktop\adwcleaner.exe [2012.11.09 00:37:00 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.08 23:06:51 | 2134,896,640 | -HS- | C] () -- C:\hiberfil.sys [2012.11.08 00:22:34 | 000,302,592 | ---- | C] () -- C:\Users\root\Desktop\uv0zgwrt.exe [2012.11.07 23:41:14 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable [2012.11.07 23:40:30 | 000,050,477 | ---- | C] () -- C:\Users\root\Desktop\Defogger.exe [2012.10.16 20:12:07 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012.10.14 15:37:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.02.07 22:53:13 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2012.02.07 22:53:13 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin [2012.02.07 22:53:13 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2011.12.09 00:36:41 | 000,000,680 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat [2011.10.19 20:10:12 | 000,000,092 | ---- | C] () -- C:\Users\root\AppData\Local\fusioncache.dat [2011.08.31 20:43:22 | 000,013,076 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat [2011.08.17 17:08:35 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd [2011.08.17 15:18:24 | 004,022,504 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2011.08.17 15:18:24 | 000,017,944 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat [2011.05.20 22:15:25 | 000,000,144 | ---- | C] () -- C:\ProgramData\~44031736r [2011.05.20 22:15:25 | 000,000,120 | ---- | C] () -- C:\ProgramData\~44031736 [2011.05.20 22:15:20 | 000,000,344 | ---- | C] () -- C:\ProgramData\44031736 [2011.03.20 18:46:56 | 000,000,039 | -H-- | C] () -- C:\Windows\System32\spfid.bin [2011.03.20 18:46:56 | 000,000,039 | -H-- | C] () -- C:\Windows\spfid.bin [2010.12.24 13:45:10 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys [2010.06.20 17:46:41 | 000,000,008 | ---- | C] () -- C:\ProgramData\SDGLYBMPWPP.SYS [2010.06.02 23:04:58 | 000,000,881 | ---- | C] () -- C:\Users\root\rescuepro34act.lic [2010.06.02 23:04:58 | 000,000,051 | ---- | C] () -- C:\Users\root\rescuepro.properties [2009.06.15 21:56:47 | 000,003,584 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.20 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dBpoweramp [2011.09.13 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations [2008.07.26 19:14:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EPSON [2011.01.19 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fighters [2009.09.24 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Haufe [2011.10.19 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imaxel [2009.09.18 08:14:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware [2012.02.13 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MusE [2009.09.24 19:47:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\myphotobook [2012.11.08 10:26:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF [2010.09.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BonkEnc [2011.11.22 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2012.06.25 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cuttermaran [2011.08.17 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dBpoweramp [2012.02.12 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2011.08.17 12:52:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EAC [2011.01.18 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fighters [2009.02.01 23:46:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\foobar2000 [2011.06.29 18:25:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Gynayw [2011.09.07 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Haufe [2010.11.13 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HOLM Acoustics [2011.10.19 20:11:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imaxel [2011.11.22 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn [2009.09.17 21:52:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware [2010.12.23 11:21:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAGIX [2011.09.21 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF [2011.10.29 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++ [2008.08.31 10:58:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Smart Panel [2009.02.25 22:52:24 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\TolvanData [2011.11.22 22:44:21 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Toshiba [2010.11.21 11:46:53 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Ulead Systems [2012.02.12 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoft [2012.02.12 20:33:14 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.16 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\EAC [2011.01.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Fighters [2011.09.07 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\FreePDF [2011.10.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Imaxel [2010.05.08 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Lexware [2012.02.12 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MusE [2011.10.16 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++ [2008.05.22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Toshiba [2012.11.09 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\ttemp\AppData\Roaming\Lexware ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.08 23:28:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.07.25 20:38:21 | 000,000,000 | -H-D | M] -- C:\AkAbak [2008.02.18 15:42:38 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.08.04 22:28:26 | 000,000,000 | -H-D | M] -- C:\DVDWriter_Temp [2011.09.07 21:43:26 | 000,000,000 | ---D | M] -- C:\FreePDF [2008.02.18 16:10:59 | 000,000,000 | -H-D | M] -- C:\Intel [2011.11.01 18:20:39 | 000,000,000 | ---D | M] -- C:\Octave [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.09 22:37:12 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.06 22:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\Programme [2009.07.07 20:31:46 | 000,000,000 | -H-D | M] -- C:\PSFONTS [2012.11.10 01:52:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.26 18:29:42 | 000,000,000 | ---D | M] -- C:\Terzio [2008.05.22 12:02:40 | 000,000,000 | -H-D | M] -- C:\Toshiba [2011.08.30 15:33:49 | 000,000,000 | ---D | M] -- C:\updates [2012.11.08 23:26:06 | 000,000,000 | R--D | M] -- C:\Users [2012.11.06 22:56:22 | 000,000,000 | ---D | M] -- C:\Windows < %SYSTEMDRIVE%\*.* > [2012.11.09 22:37:18 | 000,007,380 | ---- | M] () -- C:\AdwCleaner[S1].txt [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008.01.21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2008.02.18 15:42:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2012.11.10 01:07:44 | 2134,896,640 | -HS- | M] () -- C:\hiberfil.sys [2011.12.26 18:29:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.12.26 18:29:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.11.10 01:07:38 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys [2008.02.18 16:22:22 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log [2008.02.22 16:15:58 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT [2008.02.22 10:15:13 | 000,025,976 | ---- | M] () -- C:\_wdsuef.dmp < %PROGRAMFILES%\*.exe > Invalid Environment Variable: PROGRAMFILES(X86) < %systemroot%\*. /mp /s > < %windir%\installer\*. /10 > < %appdata%\*. > [2011.08.16 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\AccurateRip [2008.07.12 09:12:32 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Adobe [2012.11.05 23:58:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Apple Computer [2008.07.12 10:05:41 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\ArcSoft [2011.10.11 09:29:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Avira [2012.02.12 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoft [2012.02.12 20:33:14 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.16 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\EAC [2011.01.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Fighters [2011.09.07 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\FreePDF [2008.05.22 13:51:31 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Google [2008.10.12 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Help [2008.05.22 12:01:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Identities [2011.10.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Imaxel [2008.05.22 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\InstallShield [2010.05.08 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Lexware [2009.01.24 21:28:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Macromedia [2011.05.20 23:50:35 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Media Center Programs [2009.07.07 21:07:42 | 000,000,000 | --SD | M] -- C:\Users\root\AppData\Roaming\Microsoft [2008.05.22 12:10:58 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Microsoft Web Folders [2012.02.12 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MusE [2011.10.16 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++ [2008.05.22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Toshiba < %appdata%\*.* > [2011.08.17 17:08:49 | 000,000,600 | ---- | M] () -- C:\Users\root\AppData\Roaming\winscp.rnd < %appdata%\*.exe /s > [2009.09.17 21:29:38 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\root\AppData\Roaming\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe < %localappdata%\*. > [2011.10.01 11:22:28 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Adobe [2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Anwendungsdaten [2012.08.09 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Apple [2011.10.19 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\ApplicationHistory [2008.05.22 12:01:25 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\BVRP Software [2012.04.09 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\furnplan [2012.10.17 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Google [2008.10.12 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Help [2012.08.05 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Lexware [2012.03.08 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Microsoft [2012.02.12 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\MusE [2012.11.06 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\NPE [2011.01.18 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\PackageAware [2011.10.01 11:08:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Secunia PSI [2012.11.10 01:50:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Temp [2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Temporary Internet Files [2008.05.22 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Toshiba [2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Verlauf [2009.07.07 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\VirtualStore < %localappdata%\*.* > [2011.12.09 00:36:41 | 000,000,680 | ---- | M] () -- C:\Users\root\AppData\Local\d3d9caps.dat [2009.06.15 22:26:13 | 000,003,584 | ---- | M] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.19 20:10:12 | 000,000,092 | ---- | M] () -- C:\Users\root\AppData\Local\fusioncache.dat [2010.05.08 13:17:46 | 000,073,680 | ---- | M] () -- C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT [2012.11.10 00:35:59 | 003,894,551 | -H-- | M] () -- C:\Users\root\AppData\Local\IconCache.db < %localappdata%\*.exe /s > [2012.11.06 20:58:15 | 000,883,840 | ---- | M] () -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IG86M1V\Avira-DE-Cleaner[1].exe [2012.10.17 22:15:29 | 000,979,058 | ---- | M] () -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRJQYYDC\EFRCSetup[1].exe [2012.11.06 00:16:21 | 137,922,416 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLUGJRVG\setup_9.0.0.722_05.11.2012_06-07[1].exe [2012.11.06 22:52:05 | 006,161,912 | ---- | M] (Symantec Corporation) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZGMUY86\de_cleaner[1].exe [2012.11.06 00:16:22 | 137,922,416 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQ00LQJW\setup_9.0.0.722_05.11.2012_06-07[1].exe [2009.10.25 20:29:22 | 000,006,656 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\cpufeature.exe [2011.10.19 20:08:20 | 024,277,024 | ---- | M] (Microsoft) -- C:\Users\root\AppData\Local\Temp\dotnetfx.exe [2010.07.27 23:17:00 | 002,820,608 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\root\AppData\Local\Temp\InstallAX.exe [2012.10.17 22:14:21 | 004,031,184 | ---- | M] (Ask) -- C:\Users\root\AppData\Local\Temp\setup.exe [2011.07.10 02:07:58 | 000,118,784 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\xmlUpdater.exe [2007.04.05 14:39:32 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_is3F7.exe [2008.01.22 17:04:28 | 000,455,976 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_isA929.exe [2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_isE021.exe [55 C:\Users\root\AppData\Local\Temp\*.tmp files -> C:\Users\root\AppData\Local\Temp\*.tmp -> ] [2011.09.19 17:38:26 | 001,207,296 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\GoogleEarth.exe [2011.09.19 17:16:55 | 000,050,688 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe [2011.09.19 17:16:48 | 000,071,680 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe [2011.09.19 17:17:12 | 000,293,888 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe [2011.09.19 17:16:48 | 000,071,680 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe [2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\DVDWriter\setup.exe [1999.11.03 10:53:40 | 000,036,099 | ---- | M] (InstallShield Software Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\IVI\Setup.exe [2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\VRWriter\setup.exe [2012.11.06 00:27:20 | 000,245,968 | ---- | M] (Ask) -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe [2012.11.06 00:27:20 | 000,176,128 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe [2012.11.06 00:27:20 | 000,042,880 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe [2011.10.20 20:42:09 | 000,735,752 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\Users\root\AppData\Local\Temp\55c42e8b-6f7f-4342-b621-bb138d48a3c7\InstallShieldUninstaller.exe [2011.12.05 14:51:00 | 000,466,272 | ---- | M] (D+H Software GmbH ) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\FurnplanSetup.exe [2011.12.06 16:16:38 | 000,138,752 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\data\tools\Zip.exe [2011.10.11 10:55:10 | 000,684,544 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\FP_Updater.exe [2011.08.23 14:09:06 | 000,528,896 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\OpusUpdater.exe [2011.08.30 12:08:36 | 000,222,208 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\Settings.exe [2011.07.07 07:44:18 | 000,147,968 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\data\Md5Creator.exe [2011.10.21 22:24:04 | 000,735,752 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\Users\root\AppData\Local\Temp\d47fb7b9-2636-4475-b29c-269ca3f78357\InstallShieldUninstaller.exe [2011.02.17 09:30:23 | 000,299,688 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\avwebloader.exe [2011.02.25 14:51:51 | 000,059,560 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\DE-Cleaner-Install.exe [2011.08.02 19:56:58 | 000,066,216 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\Avira-DE-Cleaner-starten.exe [2011.08.02 19:56:59 | 000,514,216 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe [2011.08.02 19:57:02 | 001,962,152 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\decleaner.exe [2010.11.16 18:08:40 | 000,098,304 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Temp\Imaxel\iDeskOrderImporter.exe [2010.11.19 12:01:42 | 000,028,672 | ---- | M] (Imaxel Labs S.L) -- C:\Users\root\AppData\Local\Temp\Imaxel\ImaxelLauncher.exe [2010.09.20 12:04:46 | 000,016,384 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Temp\Imaxel\NTFSFP.exe [2011.11.22 18:05:25 | 000,258,048 | ---- | M] (OCS) -- C:\Users\root\AppData\Local\Temp\OCS\ocs_v5c.exe [2011.11.22 18:06:03 | 011,422,040 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\root\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\631a21e7e3ea4d60c27b0646a837ac79\FreeDiscBurner.exe [2011.09.23 16:26:37 | 000,234,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Users\root\AppData\Local\Temp\RarSFX0\avwebloader.exe < %allusersprofile%\*. > [2012.09.23 21:29:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2012.08.09 21:29:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple [2012.08.09 21:30:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012.01.08 16:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira [2008.10.13 20:33:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\BTrieve [2011.11.22 20:49:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited [2011.09.29 12:30:35 | 000,000,000 | -H-D | M] -- C:\ProgramData\clp [2011.01.18 23:20:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Toolkit Suite [2011.10.01 20:41:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink [2012.08.05 18:28:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\DATA BECKER [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011.01.18 23:20:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Fighters [2011.02.23 11:09:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\FreePDF [2012.03.18 08:51:54 | 000,000,000 | ---D | M] -- C:\ProgramData\gema [2012.10.17 22:16:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\Google [2008.10.13 20:22:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\Haufe [2012.08.17 19:14:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\HOLM Acoustics [2011.10.19 22:08:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\hps [2011.10.15 23:05:23 | 000,000,000 | ---D | M] -- C:\ProgramData\InguzEQ [2012.11.07 07:39:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab [2010.11.30 19:24:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\Lexware [2008.02.18 16:59:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\MAGIX [2009.07.07 20:33:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\MakeMusic [2011.05.20 23:50:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2011.10.11 19:23:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\McAfee [2011.08.30 22:03:44 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2011.09.13 14:25:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF [2012.11.06 22:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton [2008.06.27 23:30:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\Panasonic [2011.09.03 22:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Squeezebox [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011.10.01 10:38:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2011.08.15 10:39:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Synology [2010.10.06 20:05:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\TEMP [2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011.10.23 20:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2008.02.22 10:17:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\TOSHIBA [2008.05.22 11:54:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\ToshibaEurope [2008.07.12 09:55:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\UDL [2008.02.18 16:43:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\Ulead Systems [2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011.05.21 00:57:05 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2012.11.03 21:13:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\WinZip [2012.08.09 21:32:22 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.01.18 23:21:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404} < %allusersprofile%\*.* > [2011.05.20 22:15:20 | 000,000,344 | ---- | M] () -- C:\ProgramData\44031736 [2010.06.20 17:46:46 | 000,000,008 | ---- | M] () -- C:\ProgramData\SDGLYBMPWPP.SYS [2011.05.20 22:15:25 | 000,000,120 | ---- | M] () -- C:\ProgramData\~44031736 [2011.05.20 22:15:25 | 000,000,144 | ---- | M] () -- C:\ProgramData\~44031736r < %allusersprofile%\*.exe /s > [2009.02.04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe [2010.12.24 14:02:16 | 003,129,968 | ---- | M] (SPAMfighter ApS ) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\SPYWAREfighter.exe [2010.12.24 14:01:26 | 000,706,696 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\1B2BFE9\40374F81\FighterLauncher.exe [2010.12.24 14:01:21 | 000,983,688 | ---- | M] (SPAMfighter) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\6ED4E8D4\18732F2A\swproTray.exe [2010.12.24 13:45:07 | 000,093,328 | ---- | M] (Preventon Technologies Limited) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\79D5CCD5\CB4D3653\AVWatchService.exe [2010.12.24 14:01:30 | 000,993,928 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\7B4591B7\40374F81\MsgSys.exe [2010.12.24 13:45:07 | 000,797,848 | ---- | M] (Preventon Technologies Limited) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\B510A09A\CB4D3653\AVScanningService.exe [2010.12.24 14:01:28 | 001,141,896 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DB5AB443\40374F81\FighterSuiteService.exe [2012.06.07 22:19:04 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.6.3.25\SetupAdmin.exe [2012.09.10 22:10:19 | 000,613,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe [2012.05.15 20:31:29 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe [2011.07.05 23:46:52 | 006,522,744 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\Fighters\SPYWAREfighter\setup.exe [2012.10.17 22:14:23 | 000,530,464 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2011.10.19 10:10:56 | 001,562,136 | ---- | M] () -- C:\ProgramData\hps\1320\setup_dm_Fotowelt.exe [2008.01.21 14:28:50 | 009,660,432 | -H-- | M] () -- C:\ProgramData\Lexware\Update Manager\Konfiguration\DATABECKER\AKT3B\setup.exe [2008.02.07 19:51:46 | 000,078,568 | ---- | M] (MakeMusic) -- C:\ProgramData\MakeMusic\UninstallSmartMusic10.exe [2012.10.21 20:16:55 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [2008.09.08 09:38:38 | 000,069,632 | ---- | M] () -- C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\WaveInput\Bin\wavin2cmd.exe [2011.09.03 22:11:11 | 050,667,105 | ---- | M] (Logitech ) -- C:\ProgramData\Squeezebox\Cache\updates\SqueezeboxServer-7.6.1.exe [2011.10.01 20:40:43 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83 < End of report > [/CODE] |
|
10.11.2012, 10:56
| #9 | |
| /// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32 OK wir probieren es mal so. Berichte bitte ob das Konto wieder funktioniert. Fix mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
10.11.2012, 11:37
| #10 |
| | GVU Trojaner (2.07?) Vista 32 Danke schon mal für deine Hilfe ... ...hier das Resultat aus dem otl fix. Nach Neustart habe ich mich bei dem infizierten Konto angemeldet, der Trojaner war leider immer noch da... Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7E25F2EB-1E56-4460-8043-AECDA51F9E77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E25F2EB-1E56-4460-8043-AECDA51F9E77}\ not found.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\NPE folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\Users\root\AppData\Local\NPE folder moved successfully.
Folder C:\Users\root\AppData\Local\NPE\ not found.
Folder C:\ProgramData\Norton\ not found.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\ProgramData\TEMP:7631EA83 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ****
->Temp folder emptied: 315468677 bytes
->Temporary Internet Files folder emptied: 355654507 bytes
->Java cache emptied: 908372 bytes
->Flash cache emptied: 28955 bytes
User: *****
->Temp folder emptied: 673320067 bytes
->Temporary Internet Files folder emptied: 431959655 bytes
->Java cache emptied: 2456249 bytes
->Google Chrome cache emptied: 261587681 bytes
->Flash cache emptied: 506 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: root
->Temp folder emptied: 371610296 bytes
->Temporary Internet Files folder emptied: 425081989 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1691 bytes
User: ******
->Temp folder emptied: 1813246 bytes
->Temporary Internet Files folder emptied: 49088777 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65728276 bytes
RecycleBin emptied: 133236 bytes
Total Files Cleaned = 2.818,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11102012_110845
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
10.11.2012, 11:39
| #11 | ||
| /// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32 Grrr! Dann kommt jetzt die Keule ...  Scan mit Combofix
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
10.11.2012, 13:34
| #12 |
| | GVU Trojaner (2.07?) Vista 32 ....Licht am Horizont (?): erster Lauf von Combofix endete (irgendwann) mit einem bluescreen ohne Logfile. Ich habe combofix danach nochmals laufen lassen, logfile s.u. Nach einem Neustart taucht der Trojaner jetzt nicht mehr in dem Nutzerkonto auf.  Code:
ATTFilter Combofix Logfile: |
|
10.11.2012, 13:37
| #13 | |
| /// TB-Ausbilder | GVU Trojaner (2.07?) Vista 32 Ja, das war jetzt eine neue Variante für mich. Alles klar, dann gehts so weiter: Wir müssen jetzt noch ein paar Kontrollen machen. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Java Update (Windows XP, Vista, 7) Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.Schritt 4: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
10.11.2012, 16:03
| #14 |
| | GVU Trojaner (2.07?) Vista 32 ... hier schon mal das Resultat von Schritt 1: Quick-Scan mit Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.10.06 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 root :: LAPTOP [administrator] 10.11.2012 15:07:46 mbam-log-2012-11-10 (15-07-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM Scan options disabled: Heuristics/Shuriken | P2P Objects scanned: 269845 Time elapsed: 6 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET Online Scanner : 2 Funde Code:
ATTFilter C:\Qoobox\Quarantine\C\Users\****\ocurtajuchwufblqcu.exe.vir a variant of Win32/Injector.YQM trojan
C:\Users\****\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application
Resultat Schritt 2: ESET Online Scanner : 2 Funde Code:
ATTFilter
C:\Qoobox\Quarantine\C\Users\****\ocurtajuchwufblqcu.exe.vir a variant of Win32/Injector.YQM trojan
C:\Users\****\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application
Resultat Schritt 2: ESET Online Scanner : 2 Funde Code:
ATTFilter C:\Qoobox\Quarantine\C\Users\****\ocurtajuchwufblqcu.exe.vir a variant of Win32/Injector.YQM trojan
C:\Users\****\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application
Resultat Schritt 2: ESET Online Scanner : 2 Funde Code:
ATTFilter C:\Qoobox\Quarantine\C\Users\****\ocurtajuchwufblqcu.exe.vir a variant of Win32/Injector.YQM trojan
C:\Users\****\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application
 sorry für das mehrfache Anhängen .... sollte eigentlich ein neuer Beitrag werden.... |
|
11.11.2012, 16:07
| #15 |
| | GVU Trojaner (2.07?) Vista 32 ..... so, hier die Zusammenfassung: Schritt 1: Quick-Scan mit Malwarebytes keine Funde (s.o.) Schritt 2: ESET Online Scanner : 2 Funde Code:
ATTFilter
C:\Qoobox\Quarantine\C\Users\****\ocurtajuchwufblqcu.exe.vir a variant of Win32/Injector.YQM trojan
C:\Users\****\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application
Schritt 3: JAVA 7 update 9 installiert Schritt 4: Scan mit Security Check Code:
ATTFilter Results of screen317's Security Check version 0.99.54 Windows Vista Service Pack 1 x86 Out of date service pack!! Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SPYWAREfighter Secunia PSI (2.0.0.3003) Malwarebytes Anti-Malware version 1.65.1.1000 Eusing Free Registry Cleaner Java 7 Update 9 Adobe Reader 8 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe TOSHIBA Toshiba Online Product Information TOPI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Geändert von blue7667 (11.11.2012 um 16:14 Uhr) Grund: Teile ergänzt |
|
| Themen zu GVU Trojaner (2.07?) Vista 32 |
| 32 bit, angehängt, extra, files, gvu trojaner, gvu trojaner vista 32, hallo zusammen, log, log files, nutzerkonten, otl scan, prüfung, registrierung, scan, system, troja, trojaner, users, vista, vista 32, vista 32 bit, zusammen |
Textbox.
Button.
und dann 
Linear-Darstellung
