| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner mit Sperrung im abgesicherten Modus, runctf im AutostartWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.02.2013, 01:33
| #1 |
| |  GVU Trojaner mit Sperrung im abgesicherten Modus, runctf im Autostart Hallo liebe Community-Gemeinde, nach langer Zeit des interessierten Mitlesens muss ich jetzt hier auch mein Problem schildern. Wie der Titel schon sagt, habe ich mir auch einen GVU Trojaner mit Paysafe-Erpressung eingfangen. Prompt kam die Abschaltung der Windows-Oberfläche. Starten im abgesicherten Modus brachte keinen Erfolg, aber der Tip mit dem Powerknopf drücken und danach Strg Alt Entf stopte das Starten des Trojaners. So dass ich mit OTL die Logs erstellen konnte. Zusätzlich habe ich noch im Autostart-Menü den Eintrag runctf gefunden, aber noch nichts am System gemacht. Hier meine Logs otl logOTL Logfile: Code:
ATTFilter OTL logfile created on: 01.02.2013 00:55:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,23 Mb Total Physical Memory | 709,25 Mb Available Physical Memory | 70,00% Memory free 2,38 Gb Paging File | 2,01 Gb Available in Paging File | 84,42% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,07 Gb Total Space | 15,35 Gb Free Space | 39,29% Space Free | Partition Type: NTFS Drive D: | 106,07 Gb Total Space | 66,95 Gb Free Space | 63,12% Space Free | Partition Type: NTFS Computer Name: NAME-D882880609 | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\user\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) PRC - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\System Control Manager\MSIService.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\System Control Manager\MSIService.exe () MOD - C:\Programme\System Control Manager\MSIWmiAcpi.dll () MOD - C:\Programme\WinRAR 3.61 Multi\RarExt.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (winmgmt) -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\wpbt0.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (JavaQuickStarterService) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe () SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (upjjl3) -- C:\WINDOWS\SYSTEM32\DRIVERS\upjjl3.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys () DRV - (RT-USB) -- C:\WINDOWS\system32\drivers\RT-USB.SYS (Ross-Tech LLC) DRV - (84370762) -- C:\WINDOWS\system32\drivers\84370762.sys (Kaspersky Lab) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (84370761) -- C:\WINDOWS\system32\drivers\84370761.sys (Kaspersky Lab) DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation ) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation) DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.) DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (SIUSBXP) -- C:\WINDOWS\system32\drivers\SiUSBXp.sys (Silicon Laboratories) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw IE - HKU\S-1-5-21-1645950979-3032116726-709124298-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw IE - HKU\S-1-5-21-1645950979-3032116726-709124298-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-1645950979-3032116726-709124298-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1645950979-3032116726-709124298-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1645950979-3032116726-709124298-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv IE - HKU\S-1-5-21-1645950979-3032116726-709124298-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.16 20:15:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.16 20:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2012.11.16 20:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {C0F1636E-13A8-4C84-BB11-774BE45E1F83} - C:\WINDOWS\system32\AcroIEHelpe231.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-1645950979-3032116726-709124298-1005..\Run: [GoogleDriveSync] C:\Programme\Google\Drive\googledrivesync.exe (Google) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\Ross-Tech VCDS RKS Updater.lnk = C:\Kaufmann\VCDS-RKS-GER\VCDS.exe (Ross-Tech, LLC) O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\RT-Updater.lnk = C:\Kaufmann\VCDS-RKS-GER\VCDS.exe (Ross-Tech, LLC) O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\_uninst_setup_9.0.0.722_18.06.2012_12-34.exe.lnk = File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1645950979-3032116726-709124298-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353793656383 (WUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DBE57E7-D677-402F-A6D2-02EA79D56B0D}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.09.15 03:24:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{dd8368f0-c6e9-11de-b6fc-002185b46fba}\Shell\AutoRun\command - "" = E:\jeo3ky.exe O33 - MountPoints2\{dd8368f0-c6e9-11de-b6fc-002185b46fba}\Shell\open\Command - "" = E:\jeo3ky.exe O33 - MountPoints2\{e6a9f2a6-f432-11df-b7e4-002185b46fba}\Shell\AutoRun\command - "" = E:\jeo3ky.exe O33 - MountPoints2\{e6a9f2a6-f432-11df-b7e4-002185b46fba}\Shell\open\Command - "" = E:\jeo3ky.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\CDSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.01 00:52:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe [2013.01.18 21:08:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Canon [2013.01.18 21:03:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Canon [2013.01.18 20:56:11 | 000,274,432 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQL1208.dll [2013.01.18 20:56:11 | 000,040,960 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQU77.DLL [2013.01.18 20:08:47 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2013.01.18 20:06:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.18 20:04:03 | 000,389,180 | ---- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL [2013.01.18 20:04:01 | 000,000,000 | -H-D | C] -- C:\CanoScan [2013.01.18 20:02:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\treiber scanner [2013.01.18 08:39:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Kontoauszuege [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.01 00:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe [2013.02.01 00:44:33 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad [2013.02.01 00:44:07 | 000,000,870 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.02.01 00:43:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.01 00:43:51 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys [2013.02.01 00:25:11 | 000,000,201 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2013.01.31 23:34:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.01.31 23:31:27 | 000,003,079 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js [2013.01.31 23:21:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.31 23:04:01 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.31 22:57:18 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\runctf.lnk [2013.01.31 20:07:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.27 16:25:09 | 000,000,432 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2013.01.23 22:58:25 | 000,030,072 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Konto_4410089221-Auszug_2013_002_pdf.pdf [2013.01.23 22:51:01 | 000,028,826 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Konto_4410089221-Auszug_2013_003_pdf.pdf [2013.01.20 22:35:23 | 000,123,744 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\MarienplatzAudi_te.pdf [2013.01.19 17:20:50 | 000,029,306 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\xxx815_20130118.pdf [2013.01.18 19:53:02 | 000,019,480 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Bildungsfonds_Nachweis_2012.odt [2013.01.13 21:06:21 | 000,492,970 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.13 21:06:21 | 000,473,220 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.13 21:06:21 | 000,091,182 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.13 21:06:21 | 000,076,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.11 22:32:15 | 000,009,740 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\große_etiketten.odt [2013.01.11 22:31:36 | 000,010,655 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\kleine_etiketten.odt [2013.01.10 10:32:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.09 21:22:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 21:22:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.09 09:05:36 | 000,123,440 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\MarienplatzAudi_te[1].pdf [2013.01.09 08:27:13 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.01 00:38:53 | 1062,526,976 | -HS- | C] () -- C:\hiberfil.sys [2013.01.31 23:34:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.01.31 22:57:18 | 000,003,079 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js [2013.01.31 22:57:18 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\runctf.lnk [2013.01.31 22:57:15 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad [2013.01.23 22:58:25 | 000,030,072 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Konto_4410089221-Auszug_2013_002_pdf.pdf [2013.01.23 22:51:00 | 000,028,826 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Konto_4410089221-Auszug_2013_003_pdf.pdf [2013.01.20 22:35:21 | 000,123,744 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\MarienplatzAudi_te.pdf [2013.01.19 17:20:48 | 000,029,306 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\xxx815_20130118.pdf [2013.01.18 19:53:01 | 000,019,480 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Bildungsfonds_Nachweis_2012.odt [2013.01.11 18:46:38 | 000,009,740 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\große_etiketten.odt [2013.01.09 09:05:36 | 000,123,440 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\MarienplatzAudi_te[1].pdf [2012.10.28 11:01:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2012.09.19 20:52:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2012.06.29 23:12:34 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2012.06.29 23:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2012.06.29 23:12:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini [2012.06.29 23:12:32 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2030.INI [2012.06.29 23:12:30 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012.06.29 23:12:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd2030.dat [2012.06.29 23:11:56 | 000,000,201 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2012.06.23 15:48:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2012.05.07 22:07:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2009.11.01 14:25:26 | 000,122,880 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2012.06.30 17:44:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.02.28 19:49:18 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.29 14:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix [2013.01.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2008.09.15 06:39:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2013.01.18 21:18:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Canon [2012.09.23 16:13:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICAClient [2012.06.22 23:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\JPEGsnoop [2009.10.27 00:19:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\OpenOffice.org [2012.06.22 22:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Oracle [2012.06.23 15:48:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Spyware Terminator ========== Purity Check ========== < End of report > ############ und der extras log ############OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.02.2013 00:55:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,23 Mb Total Physical Memory | 709,25 Mb Available Physical Memory | 70,00% Memory free
2,38 Gb Paging File | 2,01 Gb Available in Paging File | 84,42% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,07 Gb Total Space | 15,35 Gb Free Space | 39,29% Space Free | Partition Type: NTFS
Drive D: | 106,07 Gb Total Space | 66,95 Gb Free Space | 63,12% Space Free | Partition Type: NTFS
Computer Name: NAME-D882880609 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1645950979-3032116726-709124298-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Spyware Terminator\SpywareTerminator.exe" = C:\Programme\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{18F68B99-03B9-4B30-BA1C-85432A7914F7}" = Brother HL-2035
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{2EA6C7A4-9178-4C04-887E-D3515F4AAC1B}" = Online Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452F5D68-F680-4F84-9146-509C0DFEB8D6}" = Citrix Receiver (USB)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{73A32AC6-C6DE-410E-8869-83E5D725DDE0}" = Citrix Receiver(Aero)
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7CE1F876-6012-431F-A514-C67107D6D8E1}" = Citrix Receiver (DV)
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{8EC50898-E24A-4C0C-A1F2-A71A8DBF291F}" = Citrix Receiver Inside
"{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}" = BurnRecovery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B48A3CE4-2F1E-45EF-841A-C0A3C407EB0F}" = Self-Service Plug-in
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{D2A27492-2F6B-49BE-A4E4-BFCE01828FB7}" = Citrix Receiver (HDX Flash-Umleitung)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"4E1F54FAB25DB3EE9094949BF3DFDCF6E1CF07E6" = Windows Driver Package - Realtek (rtl8187Se) Net (07/10/2008 5.9067.0710.2008)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"E0E22E828DBDB1F29F3D91CF328727F39AF8062B" = Windows Driver Package - Atheros (AR5416) Net (04/08/2008 7.6.0.200)
"E920DD3E0FC6CCFF23A10B3AF7C6DC99BA39648C" = Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net (05/19/2008 1.01.03.0000)
"FLV Player" = FLV Player 2.0 (build 25)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"SIUSBXP&10C4&EA61" = VAGdashCOM+CAN (Driver Removal)
"VCDS RKS (GER)" = VCDS RKS 11.11 (GER)
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.01.2013 13:37:48 | Computer Name = NAME-D882880609 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3643 - CLR: Fatal Execution Engine
Error (7A0BCA72) (80131506)
Error - 10.01.2013 13:37:48 | Computer Name = NAME-D882880609 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3643 - Fatal Execution Engine Error
(7A0BCA72) (80131506)
Error - 10.01.2013 13:37:48 | Computer Name = NAME-D882880609 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3643 - Fatal Execution Engine Error
(7A0BCA72) (80131506)
Error - 10.01.2013 13:37:48 | Computer Name = NAME-D882880609 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3643 - Fatal Execution Engine Error
(7A0BCA72) (80131506)
Error - 10.01.2013 15:31:38 | Computer Name = NAME-D882880609 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 12.01.2013 19:46:48 | Computer Name = NAME-D882880609 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12.01.2013 19:46:48 | Computer Name = NAME-D882880609 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.01.2013 16:04:35 | Computer Name = NAME-D882880609 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 17.01.2013 16:39:44 | Computer Name = NAME-D882880609 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 26.01.2013 06:27:25 | Computer Name = NAME-D882880609 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
[ System Events ]
Error - 31.01.2013 19:48:31 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:49:01 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:49:31 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:50:01 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:50:31 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:51:01 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:51:31 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:52:01 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:52:31 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.01.2013 19:53:01 | Computer Name = NAME-D882880609 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
Vielen Dank schon im Voraus. Viele Grüße |
| Themen zu GVU Trojaner mit Sperrung im abgesicherten Modus, runctf im Autostart |
| antivir, avira, bho, down, error, fehler, firefox, flash player, helper, home, homepage, iexplore.exe, kaspersky, logfile, plug-in, problem, realtek, registry, rundll, scan, security, software, spyware, starten, system, trojaner, windows internet |
Baum-Darstellung