| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner, wgsdgsdgdsgsd.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.01.2013, 23:45
| #1 |
| |  GVU-Trojaner, wgsdgsdgdsgsd.exe Hallo, bei mir ist gestern folgendes Problem aufgetreten: Mein Laptop geblockt, mit einem Hinweis der GVU, dass ich diesen gegen Zahlung wieder freischalten kann. Da ich wusste, dass momentan ein GVU-Trojaner im Umlauf ist, habe ich ohne zu überlegen meinen Laptop vom Internet getrennt und resetet. Den Laptop habe ich danach wieder normal gestartet, ohne mit dem Internet verbunden zu sein und erst als ich Firefox öffnen wollte, noch immer ohne Internetverbindung, wurde der Laptop wieder blockiert. Hab wieder resetet, normal den Laptop gestartet und seit dem auch keine Blockierung mehr erhalten. Trotzdem musste ich feststellen, dass sich im Ordner "Eigene Dateien" die Datei wgsdgsdgdsgsd.exe befand. Diese wurde zu dem Zeitpunkt erstellt, als auch mein Laptop blockiert wurde und im Affekt habe ich diese manuell gelöscht. Wahrscheinlich war dies nicht die korrekte Vorgehensweise. Nach wiederholtem Neustart kam dann die Meldung, dass wgsdgsdgdsgsd.exe rundll nicht gefunden wurde. Erst danach habe ich Malewarebytes laufen lassen, alles, was gefunden wurde, in Quarantäne verschoben, wieder neu gestartet und die Meldung kam nicht mehr. Nun bin ich mir aber trotzdem noch unsicher, ob mein Laptop bereinigt ist und hoffe, dass mir jemand hier Auskunft geben kann. Die Logfiles habe ich auch alle erstellt und sind folgende: Malewarebytes: Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.12.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ***** :: ***** [Administrator] Schutz: Aktiviert 12.01.2013 15:59:50 MBAM-log-2013-01-12 (20-13-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 385815 Laufzeit: 3 Stunde(n), 26 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\493d526d-710d336e (Trojan.FakeMS) -> Keine Aktion durchgeführt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt. C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Keine Aktion durchgeführt. (Ende) OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.01.2013 20:46:57 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,13% Memory free 4,22 Gb Paging File | 2,66 Gb Available in Paging File | 63,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 122,59 Gb Total Space | 31,78 Gb Free Space | 25,92% Space Free | Partition Type: NTFS Drive D: | 26,45 Gb Total Space | 7,54 Gb Free Space | 28,51% Space Free | Partition Type: FAT32 Computer Name: ***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.12 20:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe PRC - [2013.01.11 08:25:57 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.01.09 07:54:43 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2013.01.06 21:49:09 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.01.06 21:49:02 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.06 21:49:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.01.06 21:49:01 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.12.12 22:03:43 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.124\GoogleCrashHandler.exe PRC - [2012.12.12 13:57:10 | 000,152,544 | ---- | M] (Apple Inc.) -- C:\Programme\QuickTime\iTunesHelper.exe PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.10.17 18:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2012.06.13 22:37:46 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.18 04:12:04 | 000,007,680 | ---- | M] (Phase Five Systems) -- C:\Programme\Jump Desktop\JumpService.exe PRC - [2010.07.08 14:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Programme\TightVNC\tvnserver.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Sicherheit\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Sicherheit\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2007.09.07 08:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe PRC - [2007.09.06 10:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe PRC - [2007.09.04 11:41:00 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.09.03 17:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2007.08.31 10:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2006.12.26 10:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe PRC - [2006.12.23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006.12.23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2013.01.11 08:25:55 | 003,021,872 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.01.09 07:54:43 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.09.04 11:45:54 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2007.09.04 11:37:26 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2007.09.04 11:37:14 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2007.09.04 11:37:02 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll MOD - [2007.09.04 11:37:00 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2007.09.04 11:36:54 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll MOD - [2007.09.04 11:36:48 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2007.09.04 11:36:44 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll MOD - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Sicherheit\Spybot -- (SBSDWSCService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2013.01.12 12:51:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.11 08:25:56 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.06 21:49:09 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.01.06 21:49:02 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.10.17 18:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2012.05.18 04:12:04 | 000,007,680 | ---- | M] (Phase Five Systems) [Auto | Running] -- C:\Programme\Jump Desktop\JumpService.exe -- (JumpDesktop) SRV - [2010.07.08 14:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Programme\TightVNC\tvnserver.exe -- (tvnserver) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007.09.04 11:39:54 | 000,040,960 | ---- | M] (Softex Inc.) [On_Demand | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys -- (Tq_91Assistant) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.01.06 21:49:11 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.01.06 21:49:11 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.14 16:58:46 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.10.17 18:13:36 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2012.10.17 18:11:37 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux) DRV - [2012.10.17 18:11:37 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.03.04 13:33:53 | 000,076,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV84.sys -- (SSHDRV84) DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.12.28 15:04:40 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07) DRV - [2008.12.28 15:04:40 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06) DRV - [2008.12.28 15:04:40 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05) DRV - [2008.12.28 15:04:40 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04) DRV - [2008.12.28 15:04:40 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03) DRV - [2008.12.28 15:04:40 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02) DRV - [2008.12.28 15:04:40 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01) DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007.08.08 07:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\QuickTime\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\Divx-Player\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\Divx-Player\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Internet-TV\TVU Player\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Internet-TV\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Internet-TV\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Internet-TV\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Christian\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.6: C:\Users\Christian\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 22:38:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 08:25:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 08:25:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.12 14:47:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.12 14:47:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\*******\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2012.11.25 21:08:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 08:25:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 08:25:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.12 14:47:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.12 14:47:14 | 000,000,000 | ---D | M] [2010.09.04 22:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.09.04 22:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.12 07:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tm0k2o27.default\extensions [2010.08.10 16:03:33 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tm0k2o27.default\extensions\firefox@tvunetworks.com [2012.12.12 07:40:52 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2011.09.10 14:55:58 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2012.02.05 16:20:44 | 000,000,933 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\11-suche.xml [2012.02.05 16:20:44 | 000,002,419 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\englische-ergebnisse.xml [2012.02.05 16:20:44 | 000,010,525 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\gmx-suche.xml [2011.06.21 10:30:50 | 000,002,342 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\icq-search.xml [2011.08.16 22:33:00 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\icqplugin-1.xml [2011.09.01 22:02:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\icqplugin-2.xml [2011.09.09 09:17:20 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\icqplugin-3.xml [2011.06.21 19:43:53 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\icqplugin.xml [2012.02.05 16:20:44 | 000,002,457 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\lastminute.xml [2012.02.05 16:20:44 | 000,005,508 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\tm0k2o27.default\searchplugins\webde-suche.xml [2013.01.11 08:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.11 08:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.11 08:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.01.11 08:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.01.11 08:25:57 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.13 22:37:58 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012.06.30 21:22:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.02 13:23:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.30 21:22:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.30 21:22:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.30 21:22:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.30 21:22:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Internet-TV\TVU Player\TVUPlayer\npTVUAx.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Internet-TV\Veetle\Player\npvlc.dll CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Internet-TV\Veetle\VLCBroadcast\npvbp.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Internet-TV\Veetle\plugins\npVeetle.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\QuickTime\Mozilla Plugins\npitunes.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\*****\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: Torrent Stream P2P Multimedia Plug-in (Enabled) = C:\Users\*****\AppData\Roaming\TorrentStream\player\npts.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: vshare plugin = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.09.10 13:01:25 | 000,329,910 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11301 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Sicherheit\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe (infoMantis GmbH) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\QuickTime\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Facebook Update] "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKCU..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Sicherheit\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MSOFFI~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Sicherheit\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBAC1B38-AD9B-4082-89BB-802912BFEB33}: DhcpNameServer = 10.74.210.210 10.74.210.211 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a986aaac-1ace-11e2-9f7a-0016d386c1d4}\Shell - "" = AutoRun O33 - MountPoints2\{a986aaac-1ace-11e2-9f7a-0016d386c1d4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{e7d0f5bb-ff65-11de-bcaa-0016d386c1d4}\Shell\AutoRun\command - "" = G:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.12 20:46:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.01.12 20:45:26 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Trojaner Board-Dateien [2013.01.12 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner [2013.01.12 15:55:50 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes [2013.01.12 15:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.12 15:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.12 15:55:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.12 15:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.12 15:54:21 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\******\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.12 15:44:22 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\SUPERAntiSpyware.com [2013.01.12 15:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013.01.12 15:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013.01.12 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013.01.12 15:42:58 | 023,008,800 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\******\Desktop\SUPER14AntiSpyware.exe [2013.01.12 14:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.01.12 12:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Scores [2013.01.12 12:30:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\ScreeNet iSaver [2013.01.12 12:30:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ScreeNet iSaver [2013.01.12 12:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\iSaver [2013.01.11 23:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2013.01.11 08:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.09 22:23:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\index_ger-Dateien [2013.01.06 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\******\Dropbox-Carla [2012.12.28 10:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.28 10:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.28 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.12.27 21:40:56 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Sylvester Mama [2012.12.19 08:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Christian\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\******\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\*******\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\*****\AppData\Local\bass.dll [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.12 20:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.01.12 20:45:27 | 000,064,773 | ---- | M] () -- C:\Users\*****\Desktop\Trojaner Board.htm [2013.01.12 20:44:38 | 000,365,568 | ---- | M] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe [2013.01.12 20:40:57 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013.01.12 20:40:34 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe [2013.01.12 20:27:52 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.12 20:27:52 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.12 20:27:52 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.12 20:27:52 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.12 20:21:24 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb6fbabde62d50.job [2013.01.12 20:20:16 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 20:20:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 20:20:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.12 20:19:59 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2013.01.12 20:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.12 19:54:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.12 18:28:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-281377990-157487508-4260827662-1003UA.job [2013.01.12 15:55:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 15:54:33 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\******\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.12 15:43:49 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.01.12 15:43:04 | 023,008,800 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\******\Desktop\SUPER14AntiSpyware.exe [2013.01.12 12:30:49 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\bwin Scores.lnk [2013.01.12 12:24:41 | 000,146,432 | ---- | M] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.12 00:42:13 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.12 00:28:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-281377990-157487508-4260827662-1003Core.job [2013.01.11 23:33:58 | 000,001,642 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2013.01.11 23:33:57 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.01.09 22:23:13 | 000,019,401 | ---- | M] () -- C:\Users\******\Desktop\index_ger.html [2013.01.06 21:49:11 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.01.06 21:49:11 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.12.28 10:54:36 | 000,001,685 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.27 22:12:43 | 000,000,959 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.27 22:12:19 | 000,000,935 | ---- | M] () -- C:\Users\*****\Desktop\Dropbox.lnk [2012.12.19 08:14:25 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.12 20:45:26 | 000,064,773 | ---- | C] () -- C:\Users\*****\Desktop\Trojaner Board.htm [2013.01.12 20:44:38 | 000,365,568 | ---- | C] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe [2013.01.12 20:40:57 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013.01.12 20:40:31 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe [2013.01.12 15:55:33 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 15:43:49 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.01.12 12:30:49 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\bwin Scores.lnk [2013.01.12 00:42:13 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.11 23:33:58 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2013.01.11 23:33:57 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.01.09 22:23:05 | 000,019,401 | ---- | C] () -- C:\Users\*****\Desktop\index_ger.html [2013.01.05 18:53:46 | 002,637,101 | ---- | C] () -- C:\Users\*****\Seeed Augenbling 04.m4a [2012.12.28 10:54:36 | 000,001,685 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.19 08:14:25 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.11.25 19:38:27 | 007,717,738 | ---- | C] () -- C:\Users\*****\01 Million Voices (Radio Edit).mp3 [2012.11.07 19:33:11 | 000,011,182 | ---- | C] () -- C:\Users\******\gsview32.ini [2012.03.03 18:26:06 | 000,477,437 | ---- | C] () -- C:\Users\******\Levels (Klingelton).mp3 [2012.03.03 18:12:59 | 009,523,380 | ---- | C] () -- C:\Users\******\Avicii - Levels (Radio Edit).mp3 [2011.10.08 13:09:05 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini [2011.04.02 12:33:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.02 12:32:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.03.14 14:34:40 | 000,001,473 | ---- | C] () -- C:\Users\******\AppData\Local\RecConfig.xml [2011.03.14 12:58:01 | 000,186,785 | ---- | C] () -- C:\Windows\hpoins28.dat.temp [2011.03.14 12:58:01 | 000,000,752 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp [2011.03.09 22:21:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.02.09 16:13:59 | 000,185,449 | ---- | C] () -- C:\Windows\hpoins28.dat [2011.02.09 16:13:58 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat [2009.08.27 21:32:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.01.03 22:12:12 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat [2008.03.15 22:00:37 | 000,000,126 | ---- | C] () -- C:\Users\******\AppData\Roaming\Default.PLS [2008.03.14 00:16:34 | 000,146,432 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.28 17:58:34 | 000,000,097 | ---- | C] () -- C:\Users\******\AppData\Local\fusioncache.dat [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\*****\AppData\Local\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\******\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\******\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\******\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\*****\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\******\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.25 21:46:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.Torrent Stream [2012.02.15 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DiskAid [2013.01.12 20:42:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox [2012.11.08 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2012.11.08 22:10:15 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.28 11:48:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EyeballChatAvatars [2011.06.16 18:52:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo [2012.01.05 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2008.03.25 09:47:44 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MAGIX [2012.11.07 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge [2012.10.27 12:52:41 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Phase Five Systems [2010.01.05 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDisc [2011.03.14 16:24:35 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Scan2PDF [2013.01.12 12:36:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ScreeNet iSaver [2011.03.14 13:26:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2010.09.04 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2012.10.27 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TightVNC [2008.11.28 01:36:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TVcentral-Core [2009.12.22 01:24:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems [2011.05.06 13:32:29 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4 < End of report > Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.01.2013 20:46:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,13% Memory free
4,22 Gb Paging File | 2,66 Gb Available in Paging File | 63,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 31,78 Gb Free Space | 25,92% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 7,54 Gb Free Space | 28,51% Space Free | Partition Type: FAT32
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43978C33-0533-4C09-93C6-59DAC4C7736B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D34CE02B-4070-4368-93F2-83213C802A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05136FF8-872B-40FA-AFE2-523967901185}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{0DAF0B2C-A7A0-4649-8E60-DDBF5C42EEEB}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{1BB5A5B4-EDA1-4406-BF73-76617B34B2F9}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq7.5\icq.exe |
"{2E9D9C0B-0137-483D-B92A-CD530592F3E6}" = dir=in | app=c:\program files\home cinema\powerdvd\powerdvd.exe |
"{350E0373-70E8-4058-907D-2CC0BD6FD70C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39BD27FD-22D6-4DFF-A132-B5FA51BA6EE0}" = protocol=6 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |
"{3AE42502-17E8-44AE-9807-37A925D50A7E}" = dir=in | app=c:\program files\quicktime\itunes.exe |
"{3E12E688-D52B-44F2-8AAB-E81989C59BEF}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{405AD783-0E8E-4F34-B7F2-28C1451C051F}" = dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe |
"{4BB7EAD1-D275-437A-9978-2850CA6F9F8E}" = protocol=17 | dir=in | app=c:\program files\jump desktop\jumpwinclient.exe |
"{5638271A-550C-4248-88C2-D0FD80884EDF}" = protocol=17 | dir=in | app=c:\program files\jump desktop\jumpdesktop.exe |
"{5B32052B-CA51-488F-8DC4-DA067B296154}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5D81E6E4-4468-442D-9F94-94B6251029C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{631DA6EA-2D87-4F40-9368-56A95DA74D4A}" = protocol=17 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{6C556980-84CC-45E3-ABA5-E4C18BFD108F}" = protocol=6 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{6CDC24C6-BD4D-4A9B-8C2B-07C1A8B24ED9}" = dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe |
"{806BB757-7FA4-4351-8082-91F14DEFD3F6}" = protocol=17 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |
"{8D7E1BBE-CA23-4839-8213-8797A65E60E6}" = protocol=6 | dir=in | app=c:\users\*****\downloads\sweetimsetup.exe |
"{9D60613D-9A1B-4A36-8F4E-18B8D2E0173C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A09338A2-CC74-4A5A-9F57-928168995000}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{A2F53028-0405-4657-A179-68322EDF1143}" = protocol=6 | dir=in | app=c:\program files\jump desktop\jumpwinclient.exe |
"{A59BCB09-25CA-4A50-A15A-9C35F2D130C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ACA14BD3-765F-4D3A-B8FF-18DB942FD16A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B541AA4C-84DC-406E-BB21-CAF9A78FEE8C}" = protocol=6 | dir=in | app=c:\program files\jump desktop\jumpdesktop.exe |
"{BBB44E15-1AAF-4B7D-AAC6-3493F1D0F38D}" = protocol=17 | dir=in | app=c:\users\*****\downloads\sweetimsetup.exe |
"{C5266161-488E-4B6A-83EB-ED660A50A21E}" = protocol=6 | dir=in | app=c:\internet-tv\veetle\player\veetlenet.exe |
"{C7893FB9-921F-41F4-9205-4D5565A4C912}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq7.5\icq.exe |
"{CDBEB067-3760-4F26-9C32-2F4450F24E14}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{D0C987FB-6AD2-4135-9A81-F1C947CB5BAF}" = protocol=6 | dir=in | app=c:\program files\jump desktop\jumpservice.exe |
"{D5BC4049-BAE6-4201-8F65-531EAA52813D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D83E003E-0CE9-4624-AC01-0767A2B7230A}" = protocol=17 | dir=in | app=c:\program files\jump desktop\jumpservice.exe |
"{E5B300A2-8810-4883-8788-1ECD56696E88}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq7.5\icq.exe |
"{E93A2A2D-71D9-46C8-B4E0-62BBB4B74A88}" = dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe |
"{ED0B009A-6C75-4557-A691-2545AB832E8D}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq7.5\icq.exe |
"{F88D2146-E7DB-4AD7-A844-DCD4E2292B3C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{FC70927E-2A1A-4CE0-82F9-60494B49B6C1}" = protocol=6 | dir=in | app=c:\internet-tv\veetle\player\veetlenet.exe |
"TCP Query User{00554B72-F6A8-422C-88DF-CAF4C7EC319E}C:\program files\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\program files\bwin casino\casino.exe |
"TCP Query User{075228AA-A9FE-44D6-967B-66855FF376C4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1F78973C-C92A-4519-8A2D-756FFDD08097}C:\internet-tv\stream torrent\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\internet-tv\stream torrent\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{29EE2FD1-32BE-4D17-8E98-B240A6349E4D}C:\internet-tv\tvu player\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\internet-tv\tvu player\tvuplayer\tvuplayer.exe |
"TCP Query User{3185A3C0-0A5D-4E26-9779-303DAE3BD306}C:\internet-tv\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\internet-tv\sopcast\sopcast.exe |
"TCP Query User{3B513190-492D-4A12-82AE-2B7D7DBA492C}C:\internet-tv\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\internet-tv\tvuplayer\tvuplayer.exe |
"TCP Query User{3BDC91D9-FF41-4C48-8BE0-FAB5EE7125E2}C:\internet-tv\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\internet-tv\sopcast\adv\sopadver.exe |
"TCP Query User{45E03B54-4873-424A-848E-21FD0283452F}C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe" = protocol=6 | dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe |
"TCP Query User{4ACA0744-E099-4648-BEF6-635DD1320D4C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{4B922F48-708C-4848-9F39-80EAD86C7CB3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{5F65946E-66FF-4071-A587-D7F5FD49C88B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{66A9F0C7-2A2A-4552-A44A-3F9DD35D47DA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6D9BE8A4-5659-4285-BBB5-DC9F632C5B15}C:\internet-tv\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\internet-tv\tvuplayer\tvuplayer.exe |
"TCP Query User{767B929B-BA5A-4536-8C49-ADB765098921}C:\program files\icq7.4\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq7.5\icq.exe |
"TCP Query User{7A6CE756-6B51-49A3-8004-92EC4B671289}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{97079A2A-638E-46C2-A0C6-40BCE0CB82ED}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{99DAEF7A-7B5D-4888-9DF0-E30F3817C211}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{9E2FE1EE-7A86-4045-B447-7396395777D2}C:\program files\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\program files\bwin casino\casino.exe |
"TCP Query User{AF7E217D-8182-46DF-9BF2-3EE7989E56F4}C:\program files\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"TCP Query User{B6867211-7491-406C-A5CD-3ECA97180C79}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B9EFC2A6-F63A-4060-AC2B-811399D8C189}C:\internet-tv\tvu player\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\internet-tv\tvu player\tvuplayer\tvuplayer.exe |
"TCP Query User{C1D4036D-78C6-4C77-92B0-A445359313BF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DAC6E284-3783-4D60-9CCB-E8FE584C22B6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E9C1325B-DC79-4AAF-AFF9-4F3455022E49}C:\program files\real player\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real player\realplay.exe |
"TCP Query User{EB106766-50DA-4A42-AB60-E0C81BC1D7D1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{ECD396DC-A138-41AE-9A8F-9799C37954D5}C:\users\*****\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\torrentstream\engine\tsengine.exe |
"TCP Query User{EE3DED4F-016C-4CCD-A693-B6AE114610D7}C:\internet-tv\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\internet-tv\sopcast\adv\sopadver.exe |
"TCP Query User{F02DAE4E-E553-4CCB-8E62-B21B6FA9C602}C:\program files\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"TCP Query User{F86F389D-123B-40C3-BF36-524FF33AD72F}C:\internet-tv\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\internet-tv\sopcast\sopcast.exe |
"UDP Query User{14EC71D8-27C7-473F-938D-620E826B12AF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1D1198AE-45E5-4123-AE73-779A1FB5BAF7}C:\internet-tv\tvu player\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\internet-tv\tvu player\tvuplayer\tvuplayer.exe |
"UDP Query User{21AEB0E5-08EC-4022-A510-BAF4289448B9}C:\program files\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"UDP Query User{27855607-D929-4B58-832D-246274255C4F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{27D4A955-A320-43F7-8337-DC7CC9903DC5}C:\internet-tv\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\internet-tv\tvuplayer\tvuplayer.exe |
"UDP Query User{2C6C5067-B6FB-46DA-AC0D-F9CDF449E726}C:\program files\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\program files\bwin casino\casino.exe |
"UDP Query User{317A2B81-B1B0-42DC-9D66-F14E0477A655}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{3274B713-25C5-4896-8E26-3E84C8CFCC96}C:\program files\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"UDP Query User{39DF6A62-3EED-4E11-BF42-E783E203B871}C:\program files\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\program files\bwin casino\casino.exe |
"UDP Query User{3DDF4345-411B-4337-BD98-530CF556BAB9}C:\internet-tv\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\internet-tv\sopcast\sopcast.exe |
"UDP Query User{49959718-E1EE-4DCA-A617-C0BF9C639872}C:\internet-tv\stream torrent\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\internet-tv\stream torrent\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{4C33DBFF-C5FE-4577-A118-1BDCCD13E8BB}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{54D273FB-3715-4F9F-B530-D8EE5469F691}C:\internet-tv\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\internet-tv\tvuplayer\tvuplayer.exe |
"UDP Query User{5C5E2175-AB92-4C29-A718-ED6B528C1FC1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{62D0D8CB-D429-4FA6-AFE5-7EF696273520}C:\program files\icq7.4\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq7.5\icq.exe |
"UDP Query User{6D6F38ED-412D-4B5A-BDDF-3EA7948036C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{7BD5FD8A-9F9A-42F3-8FFF-9000E0DF74C6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8E02AB0C-5094-453C-AAB6-1E2370F02A7D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{9796CEBB-E554-4E04-BAF4-9900BC51BE6E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{9D0D5808-F16F-466D-AD60-75F982EDA03A}C:\internet-tv\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\internet-tv\sopcast\adv\sopadver.exe |
"UDP Query User{ADC7FCC7-F409-4762-BF49-8D1208313DFE}C:\internet-tv\tvu player\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\internet-tv\tvu player\tvuplayer\tvuplayer.exe |
"UDP Query User{B2D3F9B6-867C-4284-A711-76E661684934}C:\program files\real player\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real player\realplay.exe |
"UDP Query User{B9F1F0B5-D3C9-4EC3-9DE1-6E35C25118C8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{BD628740-76DD-4270-A78E-C36428B90791}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C16FF0D2-6414-496F-B5FF-DA245D26D057}C:\internet-tv\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\internet-tv\sopcast\adv\sopadver.exe |
"UDP Query User{DC00F7CA-BC31-46C7-8A6C-00E12B737AEF}C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe" = protocol=17 | dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe |
"UDP Query User{E09C3210-96AE-4153-A9DB-1B0161EC8013}C:\internet-tv\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\internet-tv\sopcast\sopcast.exe |
"UDP Query User{E2027075-864C-4A06-9CAD-C1BCC1872EC0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{F57C2C86-1411-42C3-97DE-D90E8A81F88F}C:\users\christian\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\torrentstream\engine\tsengine.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BC99B7B-590A-4796-B6A8-D732AA1D74BB}" = Borland Database Engine
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47FBD5F1-63FB-4AB7-B8AA-198D56EBFBC8}" = Kamin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D92ECCB-2E45-4814-AEA0-0900E6EC2776}" = bwin Scores
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{87079BC7-1A1E-4520-B5C3-9AF582FA26FD}" = AuthenTec Fingerprint Sensor Minimum Install
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CAFC9C62-7C33-44C1-B317-F94287756CAA}" = Jump Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.8
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.74
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bock-Wittkowski Histologie" = Bock-Wittkowski Histologie
"CamStudio" = CamStudio
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"ContMedia Glasklar3D v8.0 - Der Mensch" = Glasklar3D v8.0 - Der Mensch
"DiskAid_is1" = DiskAid 5.08
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.17.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"GPL Ghostscript 9.06" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mediscript-CD GK1" = Mediscript-CD GK1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Blender" = PDF Blender
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 15.0" = RealPlayer
"Scan2PDF_is1" = Scan2PDF 1.6
"SopCast" = SopCast 3.5.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TightVNC" = TightVNC 2.0.2
"TVUPlayer" = TVUPlayer 2.5.3.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.4
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
"TorrentStream" = Torrent Stream 1.0.6
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
Error - 12.01.2013 10:32:00 | Computer Name = ***** | Source = Windows Search Service | ID = 3013
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12.01.2013 15:46:08 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
225 Invoked Function: CNetEnvironment::testNetwork Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 12.01.2013 15:46:18 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
(0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
a policy check server name: vpn-unidsl.rwth-aachen.de
Error - 12.01.2013 15:46:20 | Computer Name = Chris | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
(0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
connection has been canceled during its initiation.
Error - 12.01.2013 15:46:20 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 12.01.2013 15:46:20 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 12.01.2013 15:46:20 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
225 Invoked Function: CNetEnvironment::testNetwork Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 12.01.2013 15:46:41 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
(0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
a policy check server name: vpn-unidsl.rwth-aachen.de
Error - 12.01.2013 15:46:43 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
(0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
connection has been canceled during its initiation.
Error - 12.01.2013 15:46:43 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 12.01.2013 15:46:43 | Computer Name = ***** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
[ Media Center Events ]
Error - 16.06.2010 09:25:05 | Computer Name = ***** | Source = ehRecvr | ID = 3
Description =
Error - 16.06.2010 09:25:13 | Computer Name = ***** | Source = ehRecvr | ID = 3
Description =
Error - 16.06.2010 09:27:06 | Computer Name = *****| Source = ehRecvr | ID = 3
Description =
Error - 16.06.2010 09:41:36 | Computer Name = ***** | Source = ehRecvr | ID = 3
Description =
Error - 16.06.2010 09:52:54 | Computer Name = ***** | Source = ehRecvr | ID = 3
Description =
Error - 16.06.2010 09:53:02 | Computer Name = ***** | Source = ehRecvr | ID = 3
Description =
Error - 16.06.2010 09:55:19 | Computer Name = ***** | Source = ehRecvr | ID = 3
Description =
Error - 16.06.2010 09:55:27 | Computer Name = *****| Source = ehRecvr | ID = 3
Description =
Error - 04.11.2012 19:01:27 | Computer Name = ***** | Source = ehRecvr | ID = 3
Description =
Error - 29.11.2012 14:53:48 | Computer Name = ***** | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/29/2012 19:53:48
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
[ System Events ]
Error - 11.01.2013 19:44:04 | Computer Name = ***** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2013 um 00:42:19 unerwartet heruntergefahren.
Error - 11.01.2013 19:44:15 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
Error - 11.01.2013 19:49:23 | Computer Name = ***** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2013 um 00:47:49 unerwartet heruntergefahren.
Error - 11.01.2013 19:49:33 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
Error - 11.01.2013 19:49:40 | Computer Name = ***** | Source = Service Control Manager | ID = 7024
Description =
Error - 11.01.2013 19:49:46 | Computer Name = ***** | Source = Service Control Manager | ID = 7031
Description =
Error - 12.01.2013 06:31:13 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
Error - 12.01.2013 10:27:38 | Computer Name = ***** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2013 um 15:25:54 unerwartet heruntergefahren.
Error - 12.01.2013 10:27:49 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
Error - 12.01.2013 15:20:17 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
< End of report >
GMER: GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-12 22:01:47 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB Running: gmer-2.0.18444.exe; Driver: C:\Users\*****~1\AppData\Local\Temp\fgldqpod.sys ---- System - GMER 2.0 ---- SSDT 8D72797E ZwCreateSection SSDT 8D727988 ZwRequestWaitReplyPort SSDT 8D727983 ZwSetContextThread SSDT 8D72798D ZwSetSecurityObject SSDT 8D727992 ZwSystemDebugControl SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x87F9A640] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!KeSetEvent + 215 822B48D8 4 Bytes [7E, 79, 72, 8D] {JLE 0x7b; JB 0xffffff91} .text ntkrnlpa.exe!KeSetEvent + 539 822B4BFC 4 Bytes [88, 79, 72, 8D] .text ntkrnlpa.exe!KeSetEvent + 56D 822B4C30 4 Bytes [83, 79, 72, 8D] {CMP DWORD [ECX+0x72], -0x73} .text ntkrnlpa.exe!KeSetEvent + 5D1 822B4C94 4 Bytes [8D, 79, 72, 8D] .text ntkrnlpa.exe!KeSetEvent + 619 822B4CDC 4 Bytes [92, 79, 72, 8D] .text ... .text C:\Windows\system32\drivers\SSHDRV84.sys section is writeable [0x8DF30000, 0x233D4, 0xE8000020] .pklstb C:\Windows\system32\drivers\SSHDRV84.sys entry point in ".pklstb" section [0x8DF62000] .relo2 C:\Windows\system32\drivers\SSHDRV84.sys unknown last section [0x8DF78000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\acedrv01.sys section is writeable [0x88363000, 0x2E0F4, 0xE8000020] .pklstb C:\Windows\system32\drivers\acedrv01.sys entry point in ".pklstb" section [0x883A2000] .relo2 C:\Windows\system32\drivers\acedrv01.sys unknown last section [0x883BC000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\acedrv02.sys section is writeable [0xA9E10000, 0x303A4, 0xE8000020] .pklstb C:\Windows\system32\drivers\acedrv02.sys entry point in ".pklstb" section [0xA9E52000] .relo2 C:\Windows\system32\drivers\acedrv02.sys unknown last section [0xA9E6D000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\acedrv03.sys section is writeable [0xA9E6F000, 0x303A4, 0xE8000020] .pklstb C:\Windows\system32\drivers\acedrv03.sys entry point in ".pklstb" section [0xA9EB1000] .relo2 C:\Windows\system32\drivers\acedrv03.sys unknown last section [0xA9ECC000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\acedrv04.sys section is writeable [0xA9ECE000, 0x303A4, 0xE8000020] .pklstb C:\Windows\system32\drivers\acedrv04.sys entry point in ".pklstb" section [0xA9F10000] .relo2 C:\Windows\system32\drivers\acedrv04.sys unknown last section [0xA9F2B000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\acedrv05.sys section is writeable [0xA9F2D000, 0x30A4A, 0xE8000020] .pklstb C:\Windows\system32\drivers\acedrv05.sys entry point in ".pklstb" section [0xA9F6F000] .relo2 C:\Windows\system32\drivers\acedrv05.sys unknown last section [0xA9F8A000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\acedrv06.sys section is writeable [0xA9F8C000, 0x319AA, 0xE8000020] .pklstb C:\Windows\system32\drivers\acedrv06.sys entry point in ".pklstb" section [0xA9FCF000] .relo2 C:\Windows\system32\drivers\acedrv06.sys unknown last section [0xA9FEA000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\acedrv07.sys section is writeable [0xAA601000, 0x328BA, 0xE8000020] .pklstb C:\Windows\system32\drivers\acedrv07.sys entry point in ".pklstb" section [0xAA645000] .relo2 C:\Windows\system32\drivers\acedrv07.sys unknown last section [0xAA661000, 0x8E, 0x42000040] .reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xAD320300, 0x25D4C, 0xE0000060] ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1332] kernel32.dll!SetUnhandledExceptionFilter 7644A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Windows\Explorer.EXE[3264] kernel32.dll!DeleteFileW 7643F54E 5 Bytes JMP 099F63C0 C:\Program Files\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.) .text C:\Windows\Explorer.EXE[3264] kernel32.dll!CreateFileW 7646B0EB 5 Bytes JMP 099F5CE0 C:\Program Files\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.) ---- Registry - GMER 2.0 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xB7 0x46 0x83 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823 ---- EOF - GMER 2.0 ---- Vielen Dank im Voraus für die Hilfe! Gruß Geändert von Mark2013 (12.01.2013 um 23:51 Uhr) |
|
13.01.2013, 00:51
| #2 |
| /// Helfer-Team  | GVU-Trojaner, wgsdgsdgdsgsd.exe Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL
[2012.12.28 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.12 00:42:13 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:264B2CC4
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\*****\*.tmp
C:\Users\*****\AppData\Local\Temp\*.exe
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
13.01.2013, 02:08
| #3 |
| | GVU-Trojaner, wgsdgsdgdsgsd.exe Den 1. Schritt habe ich ausgeführt, wusste aber nicht genau, ob der Benutzername auch bei den einfachen Sternchen eingefügt werden muss. Ich hatte immer mehrere gemacht, deswegen bin ich davon ausgegangen, dass dort nichts hin muss.
__________________Nachdem OTL fertig gewesen ist, kam eine Meldung von Windows, dass das Programm nicht mehr funktionier und geschlossen werden muss. Daraufhin hatte ich einen Bildschirm ohne Desktopsymbole und konnte nichts machen. Hab einen Reset durchgeführt und nach Minuten mit schwarzem Desktop, kam dann doch eine Rückmeldung. Hier nun die Log-Datei: All processes killed ========== OTL ========== C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86 folder moved successfully. C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86 folder moved successfully. C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 folder moved successfully. C:\ProgramData\dsgsdgdsgdsgw.js moved successfully. ADS C:\ProgramData\Temp:264B2CC4 deleted successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. C:\ProgramData\TEMP folder moved successfully. File\Folder C:\Users\*****\*.tmp not found. C:\Users\*****\AppData\Local\Temp\ose00000.exe moved successfully. C:\Users\*****\AppData\Local\Temp\ose00001.exe moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\*****\Desktop\cmd.bat deleted successfully. C:\Users\*****\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: ***** ->Temp folder emptied: 194007571 bytes ->Temporary Internet Files folder emptied: 54510855 bytes ->Java cache emptied: 15869640 bytes ->FireFox cache emptied: 158377552 bytes ->Flash cache emptied: 4442 bytes User: ***** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 745912906 bytes ->FireFox cache emptied: 228113075 bytes ->Google Chrome cache emptied: 8878907 bytes ->Flash cache emptied: 7233299 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1139200 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 188840033 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.529,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01132013_013249 Files\Folders moved on Reboot... C:\Windows\temp\JET9E22.tmp moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
13.01.2013, 02:11
| #4 |
| /// Helfer-Team | GVU-Trojaner, wgsdgsdgdsgsd.exe Bitte mit Schritt 2 und 3 weitermachen. |
|
13.01.2013, 03:22
| #5 |
| | GVU-Trojaner, wgsdgsdgdsgsd.exe Schritt 2: Logdatei nach erstem Scan: Malwarebytes Anti-Rootkit BETA 1.01.0.1016 Malwarebytes : Free Anti-Malware download Database version: v2013.01.12.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ***** :: ***** [administrator] 13.01.2013 02:30:36 mbar-log-2013-01-13 (02-30-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27519 Time elapsed: 15 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 17 HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{DB1F5554-582C-4F53-82CC-458D2C04A2F1} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\INPROCSERVER32 (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot. Registry Values Detected: 2 HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 c:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Delete on reboot. (end) Logdatei nach zweitem Scan: Malwarebytes Anti-Rootkit BETA 1.01.0.1016 Malwarebytes : Free Anti-Malware download Database version: v2013.01.12.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ***** :: ***** [administrator] 13.01.2013 03:03:40 mbar-log-2013-01-13 (03-03-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27509 Time elapsed: 20 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Schritt 3: Log-Datei: # AdwCleaner v2.105 - Datei am 13/01/2013 um 03:05:41 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : ***** - ***** # Bootmodus : Normal # Ausgeführt unter : C:\Users\******\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tm0k2o27.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tm0k2o27.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tm0k2o27.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tm0k2o27.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tm0k2o27.default\searchplugins\icqplugin-3.xml Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\Program Files\vShare.tv plugin Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tm0k2o27.default\SweetIMToolbarData Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16450 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v18.0 (de) Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tm0k2o27.default\prefs.js Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...] Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="); Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...] Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{E0E781A9-6EEA-462A-B22F-A80A707E684F}"); Gelöscht : user_pref("sweetim.toolbar.version", "1.1.0.2"); Gelöscht : user_pref("vshare.install.date", "1315662959"); Gelöscht : user_pref("vshare.install.finished", "1.0.0"); Gelöscht : user_pref("vshare.install.fresh", "false"); Gelöscht : user_pref("vshare.install.guid", "{55e16d78-819a-408f-a6b5-b674a63c5a8a}"); Gelöscht : user_pref("vshare.install.newtab", false); Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\n6qnmfb5.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [4932 octets] - [13/01/2013 03:05:41] ########## EOF - C:\AdwCleaner[S1].txt - [4992 octets] ########## Hallo, erstmal Danke für die Hilfe, auch zu sehr später Stunde. Kann ich jetzt noch irgendwas für meinen Laptop machen oder sollte es jetzt halwegs passen? Danke! |
|
13.01.2013, 18:04
| #6 |
| /// Helfer-Team | GVU-Trojaner, wgsdgsdgdsgsd.exe Ich sag bescheid, wenn wir fertig sind  Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> GVU-Trojaner, wgsdgsdgdsgsd.exe |
|
13.01.2013, 21:20
| #7 |
| | GVU-Trojaner, wgsdgsdgdsgsd.exe Der Scan mit Emsisoft ist abgeschlossen und hier folgende Logdatei: Emsisoft Anti-Malware - Version 7.0 Letztes Update: 13.01.2013 18:37:53 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 13.01.2013 18:40:21 C:\_OTL\MovedFiles\01132013_013249\C_ProgramData\dsgsdgdsgdsgw.js gefunden: Trojan.Script.480412 (B) C:\Program Files\GK1neu\GK1neu\MScript.ogg gefunden: Trojan.Win32.Agent.AMN (A) C:\Users\******\Desktop\GK1neu\GK1neu\MScript.ogg gefunden: Trojan.Win32.Agent.AMN (A) C:\Users\******\Desktop\gmer-2.0.18444.exe gefunden: Trojan.Generic.8557653 (B) Gescannt 481208 Gefunden 4 Scan Ende: 13.01.2013 21:16:26 Scan Zeit: 2:36:05 |
|
14.01.2013, 10:51
| #8 |
| /// Helfer-Team | GVU-Trojaner, wgsdgsdgdsgsd.exe Sehr gut!  Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
14.01.2013, 20:51
| #9 |
| | GVU-Trojaner, wgsdgsdgdsgsd.exe Hallo, auch der Scan ist nun geschafft! Hier die Logdatei: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=3743b5ec11868c4aa3c20e167b99e98c # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-01-14 07:41:37 # local_time=2013-01-14 08:41:37 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 14457 223612187 7215 0 # compatibility_mode=5892 16776574 100 100 17529856 195725225 0 0 # scanned=178330 # found=2 # cleaned=2 # scan_time=9703 C:\_OTL\MovedFiles\01132013_013249\C_ProgramData\dsgsdgdsgdsgw.js JS/Agent.NID trojan (cleaned by deleting - quarantined) 73C093B2920822EBF339D4AC3CFC29B9E4C4FB4D C C:\_OTL\MovedFiles\01132013_013249\C_Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\57943e14-60a6aa51 Java/Exploit.CVE-2013-0422.F trojan (cleaned by deleting - quarantined) 4D0C8A6FB4B3F06192EBA6C0692EA84E777B3A8E C |
|
15.01.2013, 09:24
| #10 |
| /// Helfer-Team | GVU-Trojaner, wgsdgsdgdsgsd.exe Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
15.01.2013, 20:15
| #11 |
| | GVU-Trojaner, wgsdgsdgdsgsd.exe Hab alles durchgeführt. Ein Update auf den Adobe Reader kann ich aber nicht laden. Wird auf deren Seite auch noch nicht angeboten. Hier der Plug-in Check bei aktiviertem Java: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java (1,7,0,11) ist aktuell. Adobe Reader 10,1,4,38 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Hier bei deaktiviertem Java: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 10,1,4,38 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 |
|
16.01.2013, 00:39
| #12 |
| /// Helfer-Team | GVU-Trojaner, wgsdgsdgdsgsd.exe Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
04.03.2013, 14:33
| #13 |
| /// Helfer-Team | GVU-Trojaner, wgsdgsdgdsgsd.exe Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu GVU-Trojaner, wgsdgsdgdsgsd.exe |
| 32 bit, acedrv05.sys, antivir, avira, bonjour, browser, converter, downloader, error, excel, failed, firefox, flash player, google, helper, home, hotkey.sys, iexplore.exe, install.exe, plug-in, problem, real player, realtek, registry, safer networking, scan, security, senden, software, svchost.exe, vista, zahlung |
Linear-Darstellung
