Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
System-Bereinigung nach GVU-Trojaner

System-Bereinigung nach GVU-Trojaner


Plagegeister aller Art und deren Bekämpfung: System-Bereinigung nach GVU-Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 28.12.2012, 13:17   #1
Waitjef
 
System-Bereinigung nach GVU-Trojaner - Standard

System-Bereinigung nach GVU-Trojaner


Hallo zusammen,

ich habe mir gestern den GVU-Trojaner eingefangen und ihn dann mit einer Systemwiederherstellung nach diesem Video (hxxp://www.youtube.com/watch?v=slYjwblUWOY) wegbekommen - oder sagen wir, ich habe zumindest die Sperrung wegbekommen, denn ich hege Zweifel daran, dass der Trjonaer jetzt komplett weg sein soll. Ich habe mir jetzt " Malwarebytes Anti-Malware " und "OTL" runtergeladen.

Der Log von Malwarebytes Anti-Malware

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.28.05

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
*** :: ***-PC [Administrator]

Schutz: Aktiviert

28.12.2012 13:01:57
MBAM-log-2012-12-28 (13-13-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225836
Laufzeit: 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)
Und hier der Log von "OTL"

Code:
ATTFilter
OTL logfile created on: 28.12.2012 12:35:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,29% Memory free
8,23 Gb Paging File | 6,70 Gb Available in Paging File | 81,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 30,34 Gb Free Space | 6,51% Space Free | Partition Type: NTFS
Drive E: | 3,71 Gb Total Space | 2,52 Gb Free Space | 67,78% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McUicnt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=EEA7DD08-5377-42A4-81BA-E156B1214719&apn_sauid=0AB50834-32BA-4036-92D4-299F3BA5A1D6
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=EEA7DD08-5377-42A4-81BA-E156B1214719&apn_ptnrs=U3&apn_sauid=0AB50834-32BA-4036-92D4-299F3BA5A1D6&apn_dtid=OSJ000YYDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 19:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.12 18:00:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.04.14 15:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.22 10:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vcb97rw6.default\extensions
[2012.11.22 18:02:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vcb97rw6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.22 10:22:01 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vcb97rw6.default\extensions\toolbar@ask.com
[2012.12.22 10:22:01 | 000,002,308 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vcb97rw6.default\searchplugins\askcom.xml
[2012.12.05 19:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 19:56:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 19:56:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 15:52:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 04:40:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 15:52:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 15:52:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 15:52:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 15:52:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16B58801-C743-4126-9E9E-DAFB525BB981}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.05 15:51:10 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\CoJBiBLauncher.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 12:33:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.27 00:44:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.12.27 00:03:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Rockstar Games
[2012.12.26 23:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.12.26 23:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.12.23 17:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD
[2012.12.23 17:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ANNO 1503 GOLD
[2012.12.22 10:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bedouin Soundclash
[2012.12.22 10:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.12.22 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.12.22 10:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.12.21 18:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.12.21 18:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.21 18:02:54 | 000,000,000 | ---D | C] -- C:\Users\***\.freemind
[2012.12.21 18:02:08 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.21 18:02:08 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.21 18:02:08 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.21 18:02:04 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.21 18:02:04 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.21 18:02:04 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.21 18:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.21 17:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2012.12.21 17:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind
[2012.12.16 22:40:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.12.16 22:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.16 22:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.16 13:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.16 13:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.16 13:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.16 13:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.16 13:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.12 18:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.12.08 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Proben
[2012.12.07 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Falllösungen
[2012.12.05 19:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.03 19:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012.12.02 13:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.02 13:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 12:39:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 12:34:44 | 001,573,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.28 12:34:44 | 000,676,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.28 12:34:44 | 000,636,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.28 12:34:44 | 000,146,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.28 12:34:44 | 000,120,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.28 12:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.28 12:13:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 12:13:28 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 12:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 23:53:57 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.27 20:05:33 | 000,006,608 | ---- | M] () -- C:\Users\***\Desktop\Klausurkurs Öffentliches Recht.mm
[2012.12.25 11:25:44 | 000,068,173 | ---- | M] () -- C:\Users\***\Desktop\6161764_700b_v1.jpg
[2012.12.25 11:12:21 | 045,669,382 | ---- | M] () -- C:\Users\***\Desktop\Jon Gomm - Passionflower.flv
[2012.12.25 11:09:46 | 093,428,351 | ---- | M] () -- C:\Users\***\Desktop\Jon Gomm - Message In A Bottle.mp4
[2012.12.23 22:53:50 | 000,027,136 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.23 22:52:04 | 003,629,928 | ---- | M] () -- C:\Users\***\Desktop\P4230124.JPG
[2012.12.23 22:50:55 | 000,686,839 | ---- | M] () -- C:\Users\***\Desktop\Foto 3.jpg
[2012.12.23 22:48:12 | 000,411,956 | ---- | M] () -- C:\Users\***\Desktop\Foto 2.jpg
[2012.12.23 22:46:00 | 000,554,581 | ---- | M] () -- C:\Users\***\Desktop\Foto 1.jpg
[2012.12.23 16:08:56 | 000,018,757 | ---- | M] () -- C:\Users\***\Desktop\BGB.mm
[2012.12.23 12:57:18 | 518,176,787 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.22 10:48:10 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\dediziert – Wiktionary.URL
[2012.12.21 18:01:01 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.21 18:00:56 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.21 18:00:56 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.21 18:00:56 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.21 18:00:56 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.21 18:00:56 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.19 21:50:28 | 211,373,690 | ---- | M] () -- C:\Users\***\Desktop\Coheed and Cambria - The Hard Sell [Lyric Video].mp4
[2012.12.19 19:36:17 | 000,169,162 | ---- | M] () -- C:\Users\***\Desktop\Coverfoto.jpg
[2012.12.19 08:44:32 | 022,214,556 | ---- | M] () -- C:\Users\***\Desktop\GHOST_-_Secular_Haze_OFFICIAL_AUDIO.flv
[2012.12.18 20:15:32 | 000,066,704 | ---- | M] () -- C:\Users\***\Desktop\6110142_700b.jpg
[2012.12.17 16:57:49 | 000,000,240 | ---- | M] () -- C:\Users\***\Desktop\GHOST - Secular Haze (OFFICIAL AUDIO) - YouTube.URL
[2012.12.16 15:42:34 | 000,000,245 | ---- | M] () -- C:\Users\***\Desktop\hrr-strafrecht.de - HRRS März 2004 Jakobs - Bürgerstrafrecht und Feindstrafrecht.URL
[2012.12.16 13:43:52 | 000,293,183 | ---- | M] () -- C:\Users\***\Desktop\6084969_460s_v1.jpg
[2012.12.16 13:40:59 | 000,103,412 | ---- | M] () -- C:\Users\***\Desktop\6092016_460s.jpg
[2012.12.15 14:35:33 | 010,603,147 | ---- | M] () -- C:\Users\***\Desktop\Wir sind Helden - Denkmal.flv
[2012.12.12 08:50:42 | 041,093,125 | ---- | M] () -- C:\Users\***\Desktop\JIMI HENDRIX - Who Knows (Studio Live Jam).flv
[2012.12.11 18:39:42 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 18:39:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 20:11:33 | 000,000,286 | ---- | M] () -- C:\Users\***\Desktop\Stellvertretung-Übersicht.pdf (applicationpdf-Objekt).URL
[2012.12.09 16:35:47 | 000,000,262 | ---- | M] () -- C:\Users\***\Desktop\BGB_AT_0506_§2VIII_166.pdf (applicationpdf-Objekt).URL
[2012.12.01 20:51:25 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\abbreviieren – Wiktionary.URL
[2012.11.30 18:39:47 | 269,231,760 | ---- | M] () -- C:\Users\***\Desktop\Reignwolf - Full Performance (Live on KEXP).mp4
[2012.11.30 18:34:37 | 011,595,151 | ---- | M] () -- C:\Users\***\Desktop\Tocotronic - Kapitulation.flv
[2012.11.30 16:59:39 | 000,052,088 | ---- | M] () -- C:\Users\***\Desktop\5962977_460s.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.27 23:31:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.26 19:27:56 | 000,006,608 | ---- | C] () -- C:\Users\***\Desktop\Klausurkurs Öffentliches Recht.mm
[2012.12.25 11:25:44 | 000,068,173 | ---- | C] () -- C:\Users\***\Desktop\6161764_700b_v1.jpg
[2012.12.25 11:07:05 | 045,669,382 | ---- | C] () -- C:\Users\***\Desktop\Jon Gomm - Passionflower.flv
[2012.12.25 11:06:36 | 093,428,351 | ---- | C] () -- C:\Users\***\Desktop\Jon Gomm - Message In A Bottle.mp4
[2012.12.23 22:53:51 | 003,629,928 | ---- | C] () -- C:\Users\***\Desktop\P4230124.JPG
[2012.12.23 22:50:53 | 000,686,839 | ---- | C] () -- C:\Users\***\Desktop\Foto 3.jpg
[2012.12.23 22:48:10 | 000,411,956 | ---- | C] () -- C:\Users\***\Desktop\Foto 2.jpg
[2012.12.23 22:45:57 | 000,554,581 | ---- | C] () -- C:\Users\***\Desktop\Foto 1.jpg
[2012.12.22 11:27:35 | 000,018,757 | ---- | C] () -- C:\Users\***\Desktop\BGB.mm
[2012.12.22 10:48:10 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\dediziert – Wiktionary.URL
[2012.12.19 21:37:19 | 211,373,690 | ---- | C] () -- C:\Users\***\Desktop\Coheed and Cambria - The Hard Sell [Lyric Video].mp4
[2012.12.19 19:36:16 | 000,169,162 | ---- | C] () -- C:\Users\***\Desktop\Coverfoto.jpg
[2012.12.19 08:40:52 | 022,214,556 | ---- | C] () -- C:\Users\***\Desktop\GHOST_-_Secular_Haze_OFFICIAL_AUDIO.flv
[2012.12.18 20:15:31 | 000,066,704 | ---- | C] () -- C:\Users\***\Desktop\6110142_700b.jpg
[2012.12.17 16:57:49 | 000,000,240 | ---- | C] () -- C:\Users\***\Desktop\GHOST - Secular Haze (OFFICIAL AUDIO) - YouTube.URL
[2012.12.16 15:42:34 | 000,000,245 | ---- | C] () -- C:\Users\***\Desktop\hrr-strafrecht.de - HRRS März 2004 Jakobs - Bürgerstrafrecht und Feindstrafrecht.URL
[2012.12.16 13:43:51 | 000,293,183 | ---- | C] () -- C:\Users\***\Desktop\6084969_460s_v1.jpg
[2012.12.16 13:40:58 | 000,103,412 | ---- | C] () -- C:\Users\***\Desktop\6092016_460s.jpg
[2012.12.15 14:32:40 | 010,603,147 | ---- | C] () -- C:\Users\***\Desktop\Wir sind Helden - Denkmal.flv
[2012.12.12 08:42:38 | 041,093,125 | ---- | C] () -- C:\Users\***\Desktop\JIMI HENDRIX - Who Knows (Studio Live Jam).flv
[2012.12.09 20:11:33 | 000,000,286 | ---- | C] () -- C:\Users\***\Desktop\Stellvertretung-Übersicht.pdf (applicationpdf-Objekt).URL
[2012.12.09 16:35:47 | 000,000,262 | ---- | C] () -- C:\Users\***\Desktop\BGB_AT_0506_§2VIII_166.pdf (applicationpdf-Objekt).URL
[2012.12.01 20:51:25 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\abbreviieren – Wiktionary.URL
[2012.11.30 18:32:42 | 269,231,760 | ---- | C] () -- C:\Users\***\Desktop\Reignwolf - Full Performance (Live on KEXP).mp4
[2012.11.30 18:31:41 | 011,595,151 | ---- | C] () -- C:\Users\***\Desktop\Tocotronic - Kapitulation.flv
[2012.11.30 16:59:38 | 000,052,088 | ---- | C] () -- C:\Users\***\Desktop\5962977_460s.jpg
[2012.11.10 01:10:47 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.16 10:31:56 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.05.01 16:11:03 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012.04.30 15:34:26 | 000,000,092 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2012.04.29 16:47:32 | 001,550,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.29 16:42:31 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.29 16:42:30 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.04.29 16:42:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.16 13:04:37 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.04.16 13:04:37 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.04.12 14:52:30 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2012.04.12 13:56:08 | 000,027,136 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.12 13:36:07 | 000,027,862 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.04.12 13:35:16 | 000,027,546 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.04.12 13:21:19 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2012.02.25 17:56:28 | 000,063,364 | ---- | C] () -- C:\Users\***\Rückseite Weiß.jpg
[2011.03.10 23:19:30 | 000,002,095 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.12.18 15:59:12 | 000,073,964 | ---- | C] () -- C:\Users\***\Unbenannt.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.03 14:42:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.12.16 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.11.27 08:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.05.19 23:24:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.04.30 21:01:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2012.07.26 23:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2012.04.14 15:41:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.11.11 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
Ich möchte mich schon im Vorfeld für etwaige Hilfe bedanken!

MfG
Waitjef

 

Themen zu System-Bereinigung nach GVU-Trojaner
administrator, adobe, adobe flash player, autorun, bho, bonjour, bot, defender, dsgsdgdsgdsgw.pad, explorer, firefox, flash player, format, google, home, log, logfile, nvidia, nvidia update, performance, plug-in, programme, registry, security, senden, software, vista


« Virus lässt sich nicht dauerhaft entfernen trotz Malware Progr. - HKCU/Software/VB an VBA Program settings/SrvID | GVU Trojaner entfernen »


Ähnliche Themen: System-Bereinigung nach GVU-Trojaner


  1. Bitte um System-Check & Hilfe bei der Bereinigung (falls nötig)
    Plagegeister aller Art und deren Bekämpfung - 11.11.2015 (17)
  2. Dell System Detect wird als PUP von Malwarebytes erkannt Bereinigung erforderlich
    Plagegeister aller Art und deren Bekämpfung - 06.04.2015 (7)
  3. Advanced System Protector - Erste Bereinigung mit Malwarebytes durchgeführt
    Log-Analyse und Auswertung - 28.07.2014 (16)
  4. Malwarebytes hat einen Trojan.Agent gefunden. Ist das System nach Bereinigung in Ordnung?
    Log-Analyse und Auswertung - 06.03.2014 (9)
  5. Zero.access.c ist auf meinem System, Vista SP1, und, nach Bereinigung, angeblich verschwunden?
    Plagegeister aller Art und deren Bekämpfung - 03.01.2014 (37)
  6. Immer wieder Bedrohung von C:\System Volume nach Bereinigung durch Maleware
    Log-Analyse und Auswertung - 16.09.2013 (9)
  7. Ausreichende Bereinigung nach GVU-Trojaner
    Log-Analyse und Auswertung - 14.03.2013 (13)
  8. pc bereinigung nach "GVU"-Trojaner
    Log-Analyse und Auswertung - 18.12.2012 (12)
  9. PC bereinigung nach BKA Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (10)
  10. Vollständige Bereinigung nach dem Trojaner vom System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (11)
  11. Probleme nach BKA bzw GVU Bereinigung
    Log-Analyse und Auswertung - 30.03.2012 (9)
  12. System nach Bereinigung des Ukash-Trojaners sauber?
    Log-Analyse und Auswertung - 26.10.2011 (1)
  13. Maus hängt nach nach Bereinigung mit Anti-Malware von Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (9)
  14. PC nach Bereinigung mit Malwarebytes nun wieder o.k. ?
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (15)
  15. Backdoor Trojaner, JAVA Virus? Nach AntiVir Bereinigung und Malewarebites wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2010 (18)
  16. System nach Bereinigung wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 27.01.2010 (8)
  17. HiJackThisLog-File nach Bereinigung
    Log-Analyse und Auswertung - 05.02.2008 (22)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema System-Bereinigung nach GVU-Trojaner - Hallo zusammen, ich habe mir gestern den GVU-Trojaner eingefangen und ihn dann mit einer Systemwiederherstellung nach diesem Video (hxxp://www.youtube.com/watch?v=slYjwblUWOY) wegbekommen - oder sagen wir, ich habe zumindest die Sperrung wegbekommen, - System-Bereinigung nach GVU-Trojaner...
Archiv
Du betrachtest: System-Bereinigung nach GVU-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131