| |  wie den GVU-Trojaner loswerden?
 hey leute,
habe mir auch den gvu trojaner eingefangen. bei dem sperrbildschirm habe ich dann erstmal den rechner per powerknopf ausgemacht und kam dann durch abbrechen des herunterfahrens vom sperrbildschirm auf den desktop. habe gvu gegoogelt und bin über deren seite auf dieses forum gestoßen.
habe jetzt defogger, OTL und GMER laufen lassen. kann schonmal vorwerg sagen, dass der trojaner noch da ist, da der sperrbildschirm bei neustart wieder erschien und ich wie oben beschrieben auf den desktop gelangt bin um jetzt hier ins forum zu schreiben.
defogger lief problemlos, OTL gab jedoch schon schwierigkeiten: es wurde keine Extra.txt datei angefertigt. füge euch mal die OTL.txt und die Gmer.txt hinzu und hoffe, dass ihr mir helfen könnt. bin wirklich ahnungslos auf dem gebiet.
PS:
bevor der anschein entsteht: die download-dateien von far cry 3 sind legal, habe das spiel über den ubishop erstanden und dort ist der download nunmal merkwürdig (AMD verteilte bei aktuellen grafikkarten codes für das spiel, habe die HD7870)
PPS:
wäre das formatieren der festplatte auch eine option, den virus loszuwerden? wenn ja, könnte ich dann trotzdem ein backup von manchen dateien (z.B. ein Steam Backup) auf eine externe festplatte machen, ohne den virus "mitzuschleppen"? denn wenn ja, wäre das formatieren garnicht mal so schlimm für mich. habe den rechner keine 3 monate, es wäre also nicht besonders viel arbeit, den neu einzurichten, windows cd habe ich hier ja schließlich liegen.
OTL: PHP-Code: OTL logfile created on: 16.01.2013 00:18:58 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helge\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,90 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 82,40% Memory free
15,79 Gb Paging File | 14,20 Gb Available in Paging File | 89,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 821,17 Gb Free Space | 88,16% Space Free | Partition Type: NTFS
Computer Name: HELGE-PC | User Name: Helge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013.01.15 23:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helge\Desktop\OTL.exe
PRC - [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.11 17:51:07 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 17:50:58 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.29 15:59:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.21 16:53:49 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.11 17:51:07 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 17:50:58 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.29 15:59:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2012.12.11 17:51:10 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012.12.11 17:51:10 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2012.12.02 09:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012.12.02 08:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012.11.04 22:16:29 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012.11.04 20:39:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.01.26 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2012.01.26 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012.01.26 18:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2007.07.17 17:42:38 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2007.07.17 17:42:32 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 14 D1 A7 6A B9 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Helge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Helge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Helge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Foged] C:\Users\Helge\AppData\Roaming\Gytodi\isomi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Helge\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14F304A1-0E1E-45F2-9393-319BE41AABBC}: DhcpNameServer = 192.168.178.1
O18:[b]64bit:[/b] - Protocol\Handler\bwfile-8876480 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{834dfd97-2684-11e2-b8f5-bc5ff452d6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{834dfd97-2684-11e2-b8f5-bc5ff452d6b5}\Shell\AutoRun\command - "" = E:\hmh-dishonored.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013.01.15 23:08:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helge\Desktop\OTL.exe
[2013.01.15 22:19:41 | 000,190,464 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Helge\wgsdgsdgdsgsd.exe
[2013.01.12 19:22:48 | 000,000,000 | ---D | C] -- C:\Users\Helge\AppData\Roaming\Gytodi
[2013.01.12 19:22:48 | 000,000,000 | ---D | C] -- C:\Users\Helge\AppData\Roaming\Esixiw
[2013.01.12 19:22:48 | 000,000,000 | ---D | C] -- C:\Users\Helge\AppData\Roaming\Aknu
[2013.01.07 17:07:46 | 000,000,000 | ---D | C] -- C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.01.07 16:56:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.01.06 15:10:51 | 000,000,000 | ---D | C] -- C:\Users\Helge\Documents\Witcher 2
[2013.01.06 15:10:51 | 000,000,000 | ---D | C] -- C:\Users\Helge\AppData\Local\The Witcher 2
[2013.01.03 15:34:30 | 000,000,000 | ---D | C] -- C:\Users\Helge\Desktop\EC1 eVo
[2012.12.23 16:59:28 | 000,000,000 | ---D | C] -- C:\Users\Helge\AppData\Roaming\Skype
[2012.12.23 16:59:24 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.23 16:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.23 16:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.23 16:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013.01.16 00:18:08 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 00:18:08 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 00:15:11 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.16 00:15:11 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.16 00:15:11 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.16 00:15:11 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.16 00:15:11 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.16 00:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 00:11:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.16 00:11:08 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 00:10:51 | 2064,912,383 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 23:42:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 23:11:08 | 000,365,568 | ---- | M] () -- C:\Users\Helge\Desktop\gmer-2.0.18444.exe
[2013.01.15 23:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helge\Desktop\OTL.exe
[2013.01.15 23:04:24 | 000,000,358 | ---- | M] () -- C:\Users\Helge\defogger_reenable
[2013.01.15 23:02:23 | 000,050,477 | ---- | M] () -- C:\Users\Helge\Desktop\Defogger.exe
[2013.01.15 22:19:42 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.15 22:19:42 | 000,001,049 | ---- | M] () -- C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.15 22:19:42 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.15 22:19:42 | 000,000,066 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.15 22:19:41 | 000,190,464 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Helge\wgsdgsdgdsgsd.exe
[2013.01.10 11:52:16 | 000,296,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 20:42:53 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 17:12:53 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.04 17:12:53 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.03 16:57:11 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.23 16:59:24 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013.01.15 23:11:08 | 000,365,568 | ---- | C] () -- C:\Users\Helge\Desktop\gmer-2.0.18444.exe
[2013.01.15 23:04:23 | 000,000,358 | ---- | C] () -- C:\Users\Helge\defogger_reenable
[2013.01.15 23:02:22 | 000,050,477 | ---- | C] () -- C:\Users\Helge\Desktop\Defogger.exe
[2013.01.15 22:19:42 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.15 22:19:42 | 000,001,049 | ---- | C] () -- C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.15 22:19:42 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.15 22:19:42 | 000,000,066 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.15 22:19:41 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.06 15:10:29 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.23 16:59:24 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.29 15:59:51 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.29 15:59:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.12 16:07:25 | 000,000,545 | ---- | C] () -- C:\Users\Helge\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.11.03 03:58:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.03 03:27:44 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.03 03:27:44 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.03 03:27:44 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013.01.15 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\Aknu
[2012.11.04 19:35:27 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\DAEMON Tools Lite
[2013.01.12 19:22:48 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\Esixiw
[2012.11.29 15:41:34 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\GetRightToGo
[2013.01.12 19:22:48 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\Gytodi
[2012.11.07 01:25:13 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\OpenOffice.org
[2012.11.06 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\Rainmeter
[2012.12.13 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\Spotify
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Gmer.txt : PHP-Code: GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-16 00:32:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000DM003-9YN162 rev.CC4B 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Helge\AppData\Local\Temp\ugloipod.sys
---- User code sections - GMER 2.0 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730417fa 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073041860 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073041942 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007304194d 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751a1401 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751a1419 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751a1431 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751a144a 2 bytes [1A, 75]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751a14dd 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751a14f5 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751a150d 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751a1525 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751a153d 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751a1555 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751a156d 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751a1585 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751a159d 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751a15b5 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751a15cd 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751a16b2 2 bytes [1A, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751a16bd 2 bytes [1A, 75]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1312:1720] 00000000746132fb
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1608:2376] 000000007310e2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1608:2468] 0000000072708de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1608:2472] 0000000072708de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1608:2476] 0000000072708de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1608:2480] 0000000072704e00
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1312] 0000000074600000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1608] 0000000075420000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x40 0xC6 0x78 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x66 0x3B 0x57 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x3C 0x81 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x40 0xC6 0x78 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x66 0x3B 0x57 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x3C 0x81 0x69 ...
---- EOF - GMER 2.0 ----
hoffe mir kann geholfen werden 
mfg helge
|
16.01.2013, 00:56
Baum-Darstellung