Pests of all kinds and how to fight them: Swiss variant of the GVU trojan on a netbook (Windows 7)
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
02.02.2013, 19:28 | #1
Swiss variant of the GVU trojan on a netbook
Hello everyone
You are probably my last resort. I picked up the Swiss variant of the GVU trojan via a Google search in Firefox. I have a netbook, so I can only work with bootable USB sticks and not with bootable CDs/DVDs; the operating system is Windows 7 Home Premium (32-bit). I have already made several attempts, none of which led anywhere:
1. In Safe Mode I went into the registry, because various forums reported that the trojan lodges itself in the Run key or in the Policies key, but I found nothing suspicious there.
2. I set up a bootable USB stick with the Avira AntiVir Rescue System and scanned the whole system for viruses. Nothing was found!
3. I used System Restore to roll the netbook back to its state from 25 January. No success.
4. I booted the system with HitmanPro as described here. The trojan still appears, but the supposed green window does not.
I hope someone can help me, because I am at my wits' end...
03.02.2013, 11:00 | #2
/// TB-Ausbilder | Swiss variant of the GVU trojan on a netbook
My name is Matthias and I will help you clean up your computer. Please note the following:
Start your computer in Safe Mode with Networking following this guide and let me know whether your computer is blocked there as well.
04.02.2013, 11:16 | #3
Swiss variant of the GVU trojan on a netbook
Hello Matthias
I tried starting the computer the way you said. I was able to log in to my account, but after a few seconds the computer rebooted immediately, followed by a screen saying that Windows could not be loaded.
04.02.2013, 11:36 | #4
/// TB-Ausbilder | Swiss variant of the GVU trojan on a netbook
Hi, all right. You need a clean computer and a USB stick. Please download Farbar Recovery Scan Tool 32-bit on a clean computer and save it to a USB stick. Plug the USB stick into the infected system. You now need to boot the system into the System Recovery Options.
Via the Boot Manager
With a Windows CD/DVD
In the recovery options, choose Command Prompt
04.02.2013, 21:05 | #5
Swiss variant of the GVU trojan on a netbook
So, here is the scan log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2013 02
Ran by SYSTEM at 04-02-2013 20:50:21
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun [414384 2011-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2012-04-12] ()
HKLM\...\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-15] (ASUSTek Computer Inc.)
HKLM\...\Run: [iSeriesCharge] AsusSender.exe C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe [99792 2012-06-28] (AsusTek Computer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Brehm\...\Winlogon: [Shell] explorer.exe,C:\Users\Brehm\AppData\Roaming\skype.dat [110592 2011-11-16] ()
HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [92096 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] C:\Windows\AP\IconPatch.vbs [x]
HKU\Default\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [797104 2011-01-26] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [92096 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] C:\Windows\AP\IconPatch.vbs [x]
HKU\Default User\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [797104 2011-01-26] (AsusTek Computer Inc.)
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B9553F6-C4F3-434F-B724-B2A98C870D1E}: [NameServer]208.67.222.222,208.67.220.220
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe ()

==================== Services (Whitelisted) ===================

2 AsusService; C:\windows\system32\AsusService.exe [224680 2010-12-07] ()
2 SetupARService; "C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe" [24576 2012-11-01] (Realtek Semiconductor.)
2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

3 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [14720 2012-05-07] (ASUSTek Computer Inc.)
1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
3 L6PODX3LV; C:\Windows\System32\Drivers\L6PODX3LV.sys [583168 2011-11-30] (Line 6)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-08-22] (Duplex Secure Ltd.)
1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [x]
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\system32\drivers\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\system32\drivers\btwrchid.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-02-01 11:54 - 2013-02-01 11:54 - 00000000 ____D C:\Users\Brehm\AppData\Local\{E6834EBB-5CC2-47E0-AFD1-367BA12557FE}
2013-01-25 11:45 - 2013-01-31 11:47 - 00000000 ____D C:\Users\Brehm\AppData\Local\{CAEB7411-A4F2-44CA-A1BE-64482EF0E424}
2013-01-22 00:12 - 2013-01-24 12:13 - 00000000 ____D C:\Users\Brehm\AppData\Local\{13390C2C-4688-4284-B6F8-5F7D178478C8}
2013-01-21 12:22 - 2013-02-02 20:29 - 00000000 ____D C:\Program Files\Hotel Gigant
2013-01-21 12:12 - 2013-01-21 12:12 - 00000000 ____D C:\Users\Brehm\AppData\Local\{08631867-C902-4E35-9C47-696753AE8CC4}
2013-01-18 08:05 - 2013-01-18 08:05 - 00001146 ____A C:\Users\Brehm\Documents\nhl.txt
2013-01-10 06:37 - 2013-02-02 20:28 - 00000000 ____D C:\Program Files\Transport Gigant GOLD
2013-01-10 00:27 - 2013-01-16 10:41 - 00000000 ____D C:\Users\Brehm\AppData\Local\{9C19EAAB-3CA4-4290-A9A5-B1940B33674D}
2013-01-07 11:11 - 2013-01-09 11:40 - 00000000 ____D C:\Users\Brehm\AppData\Local\{8F5BB913-28DA-4A8C-855A-83802D4B9641}

==================== One Month Modified Files and Folders ========

2013-02-04 20:50 - 2013-02-04 20:50 - 00000000 ____D C:\FRST
2013-02-02 20:36 - 2011-04-15 10:39 - 00000000 ____D C:\Program Files\Common Files\InstantOn
2013-02-02 20:36 - 2011-04-15 10:18 - 00000000 ____D C:\Program Files\E-Cam
2013-02-02 20:36 - 2011-02-16 02:40 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2013-02-02 20:36 - 2011-02-11 02:57 - 00000000 ____D C:\Windows\System32\SPReview
2013-02-02 20:36 - 2009-07-13 23:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-02-02 20:36 - 2009-07-13 23:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-02-02 20:36 - 2009-07-13 23:48 - 00000000 ____D C:\Windows\ShellNew
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\twain_32
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Offline Web Pages
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\addins
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 __RSD C:\Windows\Media
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\TAPI
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\th-TH
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sl-SI
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\Msdtc
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\lv-LV
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\lt-LT
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\he-IL
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\et-EE
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\com
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\L2Schemas
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\IME
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Cursors
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\Services
2013-02-02 20:35 - 2011-02-16 02:40 - 00000000 ____D C:\Windows\de-DE
2013-02-02 20:31 - 2011-04-15 10:04 - 00000000 ____D C:\Windows\System32\Lang
2013-02-02 20:31 - 2011-02-16 02:40 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-02-02 20:31 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\winrm
2013-02-02 20:31 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\WCN
2013-02-02 20:31 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\slmgr
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\spp
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\Speech
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\SMI
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-02-02 20:30 - 2012-11-11 09:20 - 00000000 ____D C:\Users\Brehm\AppData\Roaming\vlc
2013-02-02 20:30 - 2012-11-01 12:09 - 00000000 ____D C:\Users\All Users\Skype
2013-02-02 20:30 - 2012-08-23 12:18 - 00000000 ____D C:\Windows\Minidump
2013-02-02 20:30 - 2012-04-12 06:26 - 00000000 ____D C:\users\Brehm
2013-02-02 20:30 - 2011-04-15 10:36 - 00000000 ____D C:\Users\All Users\Trend Micro
2013-02-02 20:30 - 2011-04-15 10:27 - 00000000 ____D C:\Windows\it
2013-02-02 20:30 - 2011-04-15 10:27 - 00000000 ____D C:\Windows\fr
2013-02-02 20:30 - 2011-04-15 10:26 - 00000000 ____D C:\Windows\de
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\schemas
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Resources
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\PLA
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Globalization
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Branding
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-02-02 20:29 - 2013-01-21 12:22 - 00000000 ____D C:\Program Files\Hotel Gigant
2013-02-02 20:29 - 2012-12-06 15:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-02 20:29 - 2012-11-01 12:09 - 00000000 ___RD C:\Program Files\Skype
2013-02-02 20:29 - 2012-11-01 12:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-02-02 20:29 - 2012-08-22 03:07 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-02-02 20:29 - 2012-08-22 03:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-02-02 20:29 - 2012-08-22 01:17 - 00000000 ____D C:\Program Files\Audacity
2013-02-02 20:29 - 2011-04-15 10:38 - 00000000 ____D C:\Program Files\Times Reader
2013-02-02 20:29 - 2011-04-15 10:23 - 00000000 ____D C:\Program Files\Windows Live
2013-02-02 20:29 - 2011-04-15 10:18 - 00000000 ____D C:\Program Files\Common Files\Oberon Media
2013-02-02 20:29 - 2011-04-15 10:16 - 00000000 ____D C:\Program Files\Asus
2013-02-02 20:29 - 2011-04-15 10:08 - 00000000 ____D C:\Program Files\Atheros
2013-02-02 20:29 - 2011-04-15 10:04 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-02-02 20:29 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-02-02 20:29 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\MSBuild
2013-02-02 20:29 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-02-02 20:28 - 2013-01-10 06:37 - 00000000 ____D C:\Program Files\Transport Gigant GOLD
2013-02-02 20:23 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-02-02 20:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Web
2013-02-02 20:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Vss
2013-02-02 20:12 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-02-02 20:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\spool
2013-02-02 20:11 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-02-02 20:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NetworkList
2013-02-02 20:10 - 2011-04-15 10:20 - 00000000 ____D C:\Windows\System32\Macromed
2013-02-02 20:10 - 2011-02-11 02:44 - 00000000 ____D C:\Windows\System32\EventProviders
2013-02-02 20:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\IME
2013-02-02 20:06 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Speech
2013-02-02 20:05 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Performance
2013-02-02 20:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\security
2013-02-02 20:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-02 20:02 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Help
2013-02-02 20:00 - 2012-11-01 12:09 - 00000000 ____D C:\Users\Brehm\AppData\Roaming\Skype
2013-02-02 20:00 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2013-02-02 19:59 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Windows NT
2013-02-02 19:58 - 2011-04-15 10:34 - 00000000 ____D C:\Program Files\syncables
2013-02-02 19:58 - 2011-04-15 10:06 - 00000000 ____D C:\Program Files\Synaptics
2013-02-02 19:58 - 2011-04-15 10:04 - 00000000 ____D C:\Program Files\Realtek
2013-02-02 19:57 - 2011-04-15 10:31 - 00000000 ____D C:\Program Files\Microsoft Office
2013-02-02 19:57 - 2011-04-15 10:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-02-02 19:57 - 2011-04-15 10:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-02-02 19:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Microsoft Games
2013-02-02 19:56 - 2011-04-15 10:21 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-02-02 19:56 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-02-02 19:55 - 2011-04-15 10:20 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-02-02 19:55 - 2011-04-15 10:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-02-02 19:55 - 2011-04-15 10:19 - 00000000 ____D C:\Program Files\Adobe
2013-02-02 19:55 - 2011-04-15 10:16 - 00000000 ____D C:\AsusVibeData
2013-02-02 19:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-02-01 12:31 - 2012-04-12 10:40 - 00000000 ____D C:\Users\Brehm\Tracing
2013-02-01 12:19 - 2012-04-12 06:26 - 00000000 ____D C:\Users\Brehm\AppData\Local\Windows Live
2013-02-01 11:54 - 2013-02-01 11:54 - 00000000 ____D C:\Users\Brehm\AppData\Local\{E6834EBB-5CC2-47E0-AFD1-367BA12557FE}
2013-01-31 11:47 - 2013-01-25 11:45 - 00000000 ____D C:\Users\Brehm\AppData\Local\{CAEB7411-A4F2-44CA-A1BE-64482EF0E424}
2013-01-24 12:13 - 2013-01-22 00:12 - 00000000 ____D C:\Users\Brehm\AppData\Local\{13390C2C-4688-4284-B6F8-5F7D178478C8}
2013-01-21 12:12 - 2013-01-21 12:12 - 00000000 ____D C:\Users\Brehm\AppData\Local\{08631867-C902-4E35-9C47-696753AE8CC4}
2013-01-18 08:05 - 2013-01-18 08:05 - 00001146 ____A C:\Users\Brehm\Documents\nhl.txt
2013-01-16 14:25 - 2012-04-12 06:26 - 00000000 ____D C:\Users\Brehm\AppData\Local\VirtualStore
2013-01-16 10:41 - 2013-01-10 00:27 - 00000000 ____D C:\Users\Brehm\AppData\Local\{9C19EAAB-3CA4-4290-A9A5-B1940B33674D}
2013-01-09 11:40 - 2013-01-07 11:11 - 00000000 ____D C:\Users\Brehm\AppData\Local\{8F5BB913-28DA-4A8C-855A-83802D4B9641}

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-09 18:00:58
Restore point made on: 2013-01-17 00:12:55
Restore point made on: 2013-01-24 17:19:12

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2038.12 MB
Available physical RAM: 1656.75 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 1651.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:100 GB) (Free:66.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:350.74 GB) (Free:343.45 GB) NTFS
3 Drive e: (HITMANPRO) (Removable) (Total:29.75 GB) (Free:29.73 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      465 GB   0 B
Disk 1    Online      29 GB    0 B

Partitions of Disk 0:
===============
Disk ID: 90DD1478

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           100 GB   1024 KB
Partition 2    Primary           15 GB    100 GB
Partition 3    Primary           350 GB   115 GB
Partition 4    Primary           16 MB    465 GB

=========================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0   C                NTFS   Partition   100 GB   Healthy

=========================================================
Disk: 0
Partition 2
Type  : 1B
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   D                NTFS   Partition   350 GB   Healthy

=========================================================
Disk: 0
Partition 4
Type  : EF
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============
Disk ID: F910D2C7

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           29 GB    31 KB

=========================================================
Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   E   HITMANPRO    FAT32  Removable   29 GB    Healthy

=========================================================

Last Boot: 2013-01-23 17:39

==================== End Of Log ============================
05.02.2013, 16:44 | #6
/// TB-Ausbilder | Swiss variant of the GVU trojan on a netbook
Hi, please press Windows + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
start
HKU\Brehm\...\Winlogon: [Shell] explorer.exe,C:\Users\Brehm\AppData\Roaming\skype.dat [110592 2011-11-16] ()
C:\Users\Brehm\AppData\Roaming\skype.dat
TDL4: custom:26000022 <===== ATTENTION!
end
Please let me know whether you can start normally again afterwards.
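The fixlist above rests on two observations from the FRST log in post #5: the Winlogon Shell value for the user had a second component appended to explorer.exe (skype.dat in AppData\Roaming), and FRST's Bamital & volsnap check flagged a TDL4 bootkit. The following Python helper is an added example, not FRST's code and not part of the thread; it parses those two log sections, applies that reasoning as detection rules, and emits a fixlist in the same shape. The rule names, the functions and the assumption that a clean Shell value is exactly "explorer.exe" are mine; the sample lines are copied from the posted log.

```python
"""Triage an FRST log for the two findings the fix in this thread acted on.

Added example (not FRST's code, not the helper's). The rule names, the
functions and the assumption that Winlogon\\Shell may legitimately contain
nothing but "explorer.exe" are mine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST log posted earlier in this thread.
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Brehm\...\Winlogon: [Shell] explorer.exe,C:\Users\Brehm\AppData\Roaming\skype.dat [110592 2011-11-16] ()
HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [92096 2010-12-12] (AsusTek Computer Inc.)
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================
"""

# One autostart line as FRST prints it:
#   <hive>\...\<key>: [<name>] <value> [<size> <date>] (<company>)   or   ... [x]
REG_LINE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): "
    r"\[(?P<name>[^\]]+)\] (?P<value>.*?) "
    r"\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<company>[^)]*)\))?$"
)
# First Windows path inside a value (stops right after the file extension).
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\[]*?\.[A-Za-z0-9]{2,4}(?=[\s",]|$)')


@dataclass
class RegEntry:
    hive: str
    key: str
    name: str
    value: str
    company: str  # "" when FRST printed () or no company at all
    raw: str


@dataclass
class Finding:
    rule: str
    entry_line: str      # the FRST line, reusable verbatim in a fixlist
    file_path: str = ""  # file the entry loads, if one could be extracted


def parse_registry_entries(log: str) -> list[RegEntry]:
    entries = []
    for line in log.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            entries.append(RegEntry(m["hive"], m["key"], m["name"], m["value"],
                                    m["company"] or "", line.strip()))
    return entries


def shell_components(value: str) -> list[str]:
    """Winlogon\\Shell is a comma-separated list; strip quotes from each item."""
    return [c.strip().strip('"') for c in value.split(",") if c.strip()]


def find_suspicious(log: str) -> list[Finding]:
    findings = []
    for e in parse_registry_entries(log):
        if e.key == "Winlogon" and e.name.lower() == "shell":
            # A clean Shell value is exactly "explorer.exe"; anything appended
            # to it (here skype.dat in AppData\Roaming) is started at logon.
            for comp in shell_components(e.value):
                if comp.lower() != "explorer.exe":
                    findings.append(Finding("winlogon-shell-hijack", e.raw, comp))
        elif e.key in ("Run", "RunOnce"):
            m = PATH_RE.search(e.value)
            path = m.group(0) if m else ""
            # Autostart from the user profile with no company name: worth a look.
            if "\\appdata\\" in path.lower() and not e.company:
                findings.append(Finding("unsigned-profile-autostart", e.raw, path))
    for line in log.splitlines():
        # FRST marks its own hits (e.g. the TDL4 bootkit check) with ATTENTION!
        if line.startswith("TDL4:") or line.rstrip().endswith("<===== ATTENTION!"):
            findings.append(Finding("frst-attention", line.strip()))
    return findings


def build_fixlist(findings: list[Finding]) -> str:
    """FRST fixlist text: each flagged line, then the file it loads."""
    lines = ["start"]
    for f in findings:
        lines.append(f.entry_line)
        if f.file_path:
            lines.append(f.file_path)
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_FRST_LOG)
    for h in hits:
        print(f"[{h.rule}] {h.entry_line}")
    print(build_fixlist(hits))
```

Run against the sample, the generated fixlist is line for line the one the helper posted above.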
05.02.2013, 20:17 | #7
Swiss variant of the GVU trojan on a netbook
Here is the content of Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-02-2013 02
Ran by SYSTEM at 2013-02-05 20:10:37 Run:1
Running from E:\
==============================================

HKEY_USERS\Brehm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\Brehm\AppData\Roaming\skype.dat moved successfully.
The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

The computer then started normally again, I could log in normally, and the trojan seems to be gone as well. In any case, the desktop is no longer locked. A message appeared on the desktop saying that System Restore had not been successful (I had tried that as step 3 before your help).
06.02.2013, 18:02 | #8
/// TB-Ausbilder | Swiss variant of the GVU trojan on a netbook
Hi, very good. Then let's check your computer with the "normal" analysis tools.
Step 1
Please download OTL by OldTimer and save it to your desktop (if it is not there already).
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
CREATERESTOREPOINT
Step 2
Please download defogger by jpshortstuff to your desktop.
Step 3
Please
Please post with your next reply
09.02.2013, 09:25 | #9
Swiss variant of the GVU trojan on a netbook
Hello, I am currently still on a business trip and will not get home until later this evening. I will then run all the scans tomorrow.
Regards, stagatha
09.02.2013, 12:37 | #10
/// TB-Ausbilder | Swiss variant of the GVU trojan on a netbook
Hi, thanks for the update. I am eagerly awaiting the log files.
13.02.2013, 23:36 | #11
Swiss variant of the GVU trojan on a netbook
So, I have finally managed to run the scans.
1. OTL log
Code:
OTL logfile created on: 13.02.2013 19:47:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Brehm\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,88% Memory free
3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 65,52 Gb Free Space | 65,52% Space Free | Partition Type: NTFS
Drive D: | 350,74 Gb Total Space | 343,45 Gb Free Space | 97,92% Space Free | Partition Type: NTFS
Drive F: | 29,75 Gb Total Space | 29,73 Gb Free Space | 99,93% Space Free | Partition Type: FAT32

Computer Name: BREHM-EEE | User Name: Brehm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.13 19:40:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brehm\Desktop\OTL.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.28 16:13:20 | 000,099,792 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe
PRC - [2011.03.11 02:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.06 23:16:38 | 000,414,384 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe
PRC - [2010.12.07 17:20:02 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
PRC - [2010.12.07 17:19:54 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2010.12.07 17:19:52 | 001,248,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
PRC - [2010.11.15 20:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe
PRC - [2010.11.15 20:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2010.09.17 09:32:44 | 000,197,968 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
PRC - [2010.09.17 09:32:44 | 000,161,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
PRC - [2009.11.19 14:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009.08.12 11:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.07 12:55:49 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013.02.07 00:08:07 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.02.07 00:07:39 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.07 00:06:32 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.07 00:06:20 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.07 00:06:17 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.07 00:05:55 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.09.02 12:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2013.02.11 20:21:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.07 00:04:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.01 21:26:34 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2012.10.19 16:56:30 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.15 16:02:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.03.02 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.07 17:19:54 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2010.09.17 09:32:44 | 000,161,104 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwampfl.sys -- (btwampfl)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acdp52ww)
DRV - [2012.08.22 12:09:09 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.05.07 14:10:18 | 000,014,720 | ---- | M] (ASUSTek Computer Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AiDriver.sys -- (AiDriver) DRV - [2011.11.30 21:13:48 | 000,583,168 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L6PODX3LV.sys -- (L6PODX3LV) DRV - [2010.11.20 11:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 10:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.09.17 09:32:48 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2010.09.17 09:32:48 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010.09.17 09:32:48 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon) DRV - [2010.09.17 09:32:48 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2010.08.03 06:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2010.07.29 06:25:03 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.06.28 06:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2013.02.03 04:58:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.03 05:29:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.03 05:29:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 19:49:48 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Brehm\AppData\Roaming\mozilla\Extensions [2012.11.01 15:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brehm\AppData\Roaming\mozilla\Firefox\Profiles\5fpjdjtg.default\extensions [2013.01.18 22:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.12.07 00:04:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.04 11:26:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.04 11:26:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.04 11:26:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.04 11:26:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.04 11:26:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.04 11:26:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iSeriesCharge] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1035479231-4169450188-213944045-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Brehm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B9553F6-C4F3-434F-B724-B2A98C870D1E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B9553F6-C4F3-434F-B724-B2A98C870D1E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.02.13 19:44:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brehm\Desktop\OTL.exe
[2013.02.05 23:55:41 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013.02.05 23:55:14 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2013.02.05 23:55:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2013.02.05 23:55:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.02.05 23:55:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.05 23:55:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.05 23:55:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.02.05 23:55:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.02.05 23:55:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.05 23:55:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.05 23:55:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.02.05 23:55:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.05 23:55:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.02.05 23:55:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.05 23:55:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.02.05 23:55:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.05 23:55:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.05 23:55:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.02.05 23:55:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.05 23:55:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.02.05 23:54:42 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2013.02.05 23:54:42 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wpc.dll
[2013.02.05 23:54:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\System32\fpb.rs
[2013.02.05 23:54:42 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\System32\oflc-nz.rs
[2013.02.05 23:54:42 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\System32\pegibbfc.rs
[2013.02.05 23:54:42 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\System32\csrr.rs
[2013.02.05 23:54:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\System32\cob-au.rs
[2013.02.05 23:54:42 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\System32\usk.rs
[2013.02.05 23:54:42 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\System32\grb.rs
[2013.02.05 23:54:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-pt.rs
[2013.02.05 23:54:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi.rs
[2013.02.05 23:54:42 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\System32\djctq.rs
[2013.02.05 23:54:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\System32\cero.rs
[2013.02.05 23:54:41 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\System32\esrb.rs
[2013.02.05 23:54:41 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\System32\oflc.rs
[2013.02.05 23:54:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-fi.rs
[2013.02.05 23:54:26 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2013.02.05 23:54:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2013.02.05 05:50:12 | 000,000,000 | ---D | C] -- C:\FRST
[2013.02.02 19:20:34 | 000,000,000 | ---D | C] -- C:\Users\Brehm\AppData\Local\ElevatedDiagnostics
[2013.02.01 20:54:14 | 000,000,000 | ---D | C] -- C:\Users\Brehm\AppData\Local\{E6834EBB-5CC2-47E0-AFD1-367BA12557FE}
[2013.01.25 20:45:15 | 000,000,000 | ---D | C] -- C:\Users\Brehm\AppData\Local\{CAEB7411-A4F2-44CA-A1BE-64482EF0E424}
[2013.01.22 09:12:28 | 000,000,000 | ---D | C] -- C:\Users\Brehm\AppData\Local\{13390C2C-4688-4284-B6F8-5F7D178478C8}
[2013.01.21 21:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotel Gigant
[2013.01.21 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hotel Gigant
[2013.01.21 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\Brehm\AppData\Local\{08631867-C902-4E35-9C47-696753AE8CC4}

========== Files - Modified Within 30 Days ==========

[2013.02.13 19:45:37 | 000,665,578 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.02.13 19:45:37 | 000,627,420 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.02.13 19:45:37 | 000,133,758 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.02.13 19:45:37 | 000,110,140 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.02.13 19:43:55 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 19:43:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.13 19:42:20 | 000,365,568 | ---- | M] () -- C:\Users\Brehm\Desktop\gmer_2.0.18454.exe
[2013.02.13 19:41:54 | 000,050,477 | ---- | M] () -- C:\Users\Brehm\Desktop\Defogger.exe
[2013.02.13 19:40:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brehm\Desktop\OTL.exe
[2013.02.11 20:21:36 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.02.11 20:21:36 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.02.07 12:26:13 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.07 12:26:12 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.07 12:17:59 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.07 00:04:22 | 000,269,680 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.02.13 19:44:46 | 000,365,568 | ---- | C] () -- C:\Users\Brehm\Desktop\gmer_2.0.18454.exe
[2013.02.13 19:44:46 | 000,050,477 | ---- | C] () -- C:\Users\Brehm\Desktop\Defogger.exe
[2013.01.16 23:27:33 | 002,265,552 | R--- | C] () -- C:\Users\Brehm\Documents\TGConfig.gen
[2012.04.12 15:29:06 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2011.04.15 19:20:34 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2011.04.15 19:20:33 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2011.04.15 19:18:36 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.04.15 19:16:20 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2011.04.15 19:16:18 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2011.04.15 19:15:55 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2011.04.15 19:15:55 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.04.15 19:15:53 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini
[2011.04.15 19:08:43 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2011.04.15 19:05:03 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011.04.15 19:05:03 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011.02.16 11:41:17 | 000,665,578 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2011.02.16 11:41:17 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2011.02.16 11:41:17 | 000,133,758 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2011.02.16 11:41:17 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | ---- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
ATTFilter OTL Extras logfile created on: 13.02.2013 19:47:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brehm\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,88% Memory free 3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 65,52 Gb Free Space | 65,52% Space Free | Partition Type: NTFS Drive D: | 350,74 Gb Total Space | 343,45 Gb Free Space | 97,92% Space Free | Partition Type: NTFS Drive F: | 29,75 Gb Total Space | 29,73 Gb Free Space | 99,93% Space Free | Partition Type: FAT32 Computer Name: BREHM-EEE | User Name: Brehm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1035479231-4169450188-213944045-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07D7C2D6-91D7-45A1-9265-E08A7C5D2375}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{093DD550-0C09-42D2-948B-C0C795AF0E7D}" = lport=10243 | protocol=6 | dir=in | app=system | "{0AC6AD1A-CED8-4905-B390-24C4CCC9D22C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1465FF2D-3542-42E9-AD32-D870C70A2172}" = rport=445 | protocol=6 | dir=out | app=system | "{350D3F7A-9E95-4EDB-BFEB-6081D8673F8F}" = rport=138 | protocol=17 | dir=out | app=system | "{3B6415A4-3982-4A6C-9109-E6579F6C390D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{400827AE-EB1E-4231-A73D-4E659567F707}" = lport=rpc | protocol=6 | dir=in | 
svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{446EB92A-7455-448A-8508-5A38C80AC1A2}" = rport=10243 | protocol=6 | dir=out | app=system | "{4D45C187-1152-492A-A03E-C0C4684BD6E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{63E82B4C-F75D-481B-A73C-EAE8074D9739}" = lport=138 | protocol=17 | dir=in | app=system | "{6540AF1A-2078-4CF5-BE63-58B19CD855D4}" = lport=139 | protocol=6 | dir=in | app=system | "{66663E50-6B98-4276-B53B-F3F5EFD0B60F}" = rport=137 | protocol=17 | dir=out | app=system | "{7E962CC3-BAD0-4D66-B6F3-E0F78D2D7159}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{92D97D5D-1D71-42C4-860E-F61313D642A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{98BE0766-4FD4-40F5-80D7-E41E1AA3B93C}" = lport=137 | protocol=17 | dir=in | app=system | "{98C3B615-51ED-4F87-9F9F-3E72B0ABB51E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A2919F00-EB3D-4065-B7A7-0BCDD84EA80A}" = lport=2869 | protocol=6 | dir=in | app=system | "{A4487380-8E51-4C1A-B1D5-67DCD93F7CC5}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{B6CACCD3-EE5E-4CFF-896F-F3D959FC5D10}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CA39A7ED-41E6-4F6C-A1EB-90482E452ADA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F22CF440-3F8E-41DE-9C77-67CE35D19913}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F415D6D7-D0B8-4154-A336-59CBA44B072A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{F43D3AAB-6E2F-4848-8C96-DF9E77732430}" = rport=139 | protocol=6 | dir=out | app=system | "{F83EBCAF-0FD2-445E-8E81-12B67FBED90C}" = lport=445 | protocol=6 | dir=in | app=system | "{FE79A564-4189-44D9-8AE6-D3D37BA5A087}" = lport=2177 | protocol=17 | 
dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1E426BA7-70F9-4F14-9DF2-386A91F7DFA7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{20353FD6-4B63-4BC3-B423-083C5DD8AE31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3B5ECABF-F20C-4892-8073-CFDD9DFD60D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4AB9E0DD-F392-4759-911A-7E07D7E17954}" = protocol=6 | dir=out | app=system | "{5AB70756-BD6D-4BEF-B585-BF371706C67D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5CF123F2-1F31-45F3-954B-BDE85C9611AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6481A40D-AC03-4275-A949-A5A848B1350C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A8F18F1-6029-4339-8424-284F7D143871}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7999E6D8-DD12-47B3-85CE-4F69A351570B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E8B1FA5-FC26-465C-AE38-FB996CF1AFE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{83642EDE-8909-486F-BDAD-AA73C32EA3BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BB26DB3-5812-4C5D-8813-8064B2E534F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{97A96353-DB5A-4BEB-B902-9921C5DB1C9C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A4491E50-D957-4789-8D89-CCE5320DE529}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B1E8C883-32DA-4A5D-8F9C-51FB45526A69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C9FA8287-7A34-40AF-9DEF-A29D76282405}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{D119BDA5-C31A-4D0E-8841-B63EFDB0D58B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D490D370-0F93-4F4C-82BE-B694E05582A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D8BC9027-1411-4B12-ABC4-4C9E4CDF8D16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E9950407-194A-4F0A-8F67-8C546992C93B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{D5553A7A-3C0C-4F67-93F8-BE5529C818C1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{8D130EA7-C0B6-4244-943C-B9560C8F11C3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service 
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety "{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8165EFD2-0EB8-4C4F-A0E4-0E641B117ED2}" = USBCharge+ "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" 
= Windows Live Mesh "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = 
Steinberg HALionOne GM Drum Set "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Audacity_is1" = Audacity 2.0 "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader "DAEMON Tools Lite" = DAEMON Tools Lite "Eee Docking_is1" = Eee Docking 3.8.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "Line 6 Uninstaller" = Line 6 Uninstaller "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client 
Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.11.2012 10:28:19 | Computer Name = Brehm-EEE | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_4_402_287.exe, Version: 0.0.0.0, Zeitstempel: 0x5066dda3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00156e60 ID des fehlerhaften Prozesses: 0x11f8 Startzeit der fehlerhaften Anwendung: 0x01cdb83d22df43b0 Pfad der fehlerhaften Anwendung: C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 611d0281-2430-11e2-969c-5404a602abf6 Error - 01.11.2012 10:29:29 | Computer Name = Brehm-EEE | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_4_402_287.exe, Version: 0.0.0.0, Zeitstempel: 0x5066dda3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00156e60 ID des fehlerhaften Prozesses: 0x1580 Startzeit der fehlerhaften Anwendung: 0x01cdb83d4d484f02 Pfad der fehlerhaften Anwendung: C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8b0f0905-2430-11e2-969c-5404a602abf6 Error - 01.11.2012 10:30:37 | Computer Name = Brehm-EEE | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_4_402_287.exe, Version: 0.0.0.0, Zeitstempel: 0x5066dda3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00156e60 ID des fehlerhaften Prozesses: 0x17a4 Startzeit der fehlerhaften Anwendung: 0x01cdb83d7616d991 Pfad der fehlerhaften Anwendung: C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: b3e55479-2430-11e2-969c-5404a602abf6 Error - 02.11.2012 18:44:24 | Computer Name = Brehm-EEE | Source = SetupARService | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei SetupAfterRebootService.SetupARService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 14.11.2012 15:07:54 | Computer Name = Brehm-EEE | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3d88 Startzeit: 01cdc29b4385023e Endzeit: 29 Anwendungspfad: C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: 952e5463-2e8e-11e2-b4a1-5404a602abf6 Error - 14.11.2012 15:13:12 | Computer Name = Brehm-EEE | Source = SetupARService | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei SetupAfterRebootService.SetupARService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 14.11.2012 17:22:11 | Computer Name = Brehm-EEE | Source = Application Hang | ID = 1002 Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 6f4 Startzeit: 01cdc2ae11ee62dc Endzeit: 15 Anwendungspfad: C:\windows\System32\rundll32.exe Berichts-ID: 577c9f52-2ea1-11e2-a7de-5404a602abf6 Error - 14.11.2012 17:25:42 | Computer Name = Brehm-EEE | Source = SetupARService | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei SetupAfterRebootService.SetupARService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 16.11.2012 05:52:05 | Computer Name = Brehm-EEE | Source = System Restore | ID = 8193 Description = Error - 16.11.2012 10:29:52 | Computer Name = Brehm-EEE | Source = SetupARService | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei SetupAfterRebootService.SetupARService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) [ System Events ] Error - 01.02.2013 15:55:51 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "NSI proxy service driver." 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 01.02.2013 15:55:51 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.02.2013 15:55:51 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.02.2013 15:55:51 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 01.02.2013 15:55:51 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.02.2013 15:55:51 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.02.2013 15:55:51 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.02.2013 15:55:53 | Computer Name = Brehm-EEE | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD AsIO AsUpIO cdrom DfsC discache NetBIOS NetBT nsiproxy 
Psched rdbss spldr tdx tmactmon tmcomm tmevtmgr vwififlt Wanarpv6 WfpLwf Error - 01.02.2013 15:56:23 | Computer Name = Brehm-EEE | Source = DCOM | ID = 10005 Description = Error - 01.02.2013 15:56:25 | Computer Name = Brehm-EEE | Source = DCOM | ID = 10010 Description = < End of report > Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:07 on 13/02/2013 (Brehm)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 20:48:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST950032 rev.0003 465.76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Brehm\AppData\Local\Temp\agdyypow.sys

---- System - GMER 2.0 ----

SSDT 878F9B80 ZwCreateKey
SSDT 87912AE0 ZwCreateMutant
SSDT 878F8680 ZwCreateProcess
SSDT 878F8980 ZwCreateProcessEx
SSDT 87912EA0 ZwCreateSymbolicLinkObject
SSDT 87912420 ZwCreateThread
SSDT 87912600 ZwCreateThreadEx
SSDT 878F8C80 ZwCreateUserProcess
SSDT 878FA180 ZwDeleteKey
SSDT 878FAA80 ZwDeleteValueKey
SSDT 87913080 ZwDuplicateObject
SSDT 879127E0 ZwLoadDriver
SSDT 878F8F80 ZwOpenProcess
SSDT 878FAFC0 ZwOpenSection
SSDT 878F9280 ZwOpenThread
SSDT 878FA480 ZwRenameKey
SSDT 878FA780 ZwRestoreKey
SSDT 87912CC0 ZwSetSystemInformation
SSDT 878F9E80 ZwSetValueKey
SSDT 878F9580 ZwTerminateProcess
SSDT 878F9880 ZwTerminateThread
SSDT 87912240 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4FA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E894D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82E905F4 4 Bytes [80, 9B, 8F, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82E90604 4 Bytes [E0, 2A, 91, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82E90618 8 Bytes [80, 86, 8F, 87, 80, 89, 8F, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82E90634 12 Bytes [A0, 2E, 91, 87, 20, 24, 91, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82E90650 4 Bytes [80, 8C, 8F, 87]
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 98793000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 98793123 629 Bytes [E5, 78, 98, FE, 05, 34, E5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 98793399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 987933FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 987934AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da02506
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEA 0x60 0x10 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5E 0x77 0x7E 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC7 0x29 0xA3 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da02506 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEA 0x60 0x10 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5E 0x77 0x7E 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC7 0x29 0xA3 0x27 ...

---- EOF - GMER 2.0 ----
|
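As an added example that is not part of this thread and not GMER's own code: a small Python parser for the GMER 2.0 log format used above. The sample log is a constructed, shortened handful of the posted entries; decoding the 4-byte entries listed under ntkrnlpa.exe!KeRemoveQueueEx as little-endian pointers shows that they equal the SSDT hook handler addresses, which is how a defender can tell a rewritten service-table slot from an actual patch of kernel code when triaging such a log.

```python
import re

# Constructed sample in GMER 2.0 log format: a shortened mix of entries taken
# from the log posted in this thread. ".text ..." is GMER's own truncation marker.
SAMPLE_LOG = r"""---- System - GMER 2.0 ----
SSDT 878F9B80 ZwCreateKey
SSDT 87912AE0 ZwCreateMutant
SSDT 878F8680 ZwCreateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4FA49 1 Byte [06]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82E905F4 4 Bytes [80, 9B, 8F, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82E90604 4 Bytes [E0, 2A, 91, 87]
.text ...
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\X@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\X (not active ControlSet)
---- EOF - GMER 2.0 ----"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")
PATCH_RE = re.compile(r"^(?:\.text|PAGE)\s+(\S+)!(\S+)\s+\+\s+([0-9A-F]+)\s+"
                      r"([0-9A-F]{8})\s+(\d+)\s+Bytes?\s+\[([^\]]*)\]")
REG_RE = re.compile(r"^Reg\s+(\S+)(?:\s+(.*?))?\s*(\(not active ControlSet\))?$")

def parse_gmer(text):
    """Split a GMER log into SSDT hooks, code-section patches and registry hits."""
    hooks, patches, regs = {}, [], []
    for line in (l.strip() for l in text.splitlines()):
        if m := SSDT_RE.match(line):
            hooks[m.group(2)] = int(m.group(1), 16)          # hook handler address
        elif m := PATCH_RE.match(line):
            raw = [b for b in m.group(6).replace(",", " ").split() if b != "..."]
            patches.append({"symbol": f"{m.group(1)}!{m.group(2)}+{m.group(3)}",
                            "addr": int(m.group(4), 16), "size": int(m.group(5)),
                            "bytes": bytes(int(b, 16) for b in raw)})
        elif m := REG_RE.match(line):
            regs.append({"path": m.group(1), "value": m.group(2) or "",
                         "active": m.group(3) is None})   # False for a stale ControlSet
    return hooks, patches, regs

def explain_patches(hooks, patches):
    """Decode each 4-byte patch as a little-endian pointer and look it up among the
    SSDT handlers. A hit means GMER is showing a rewritten service-table slot that
    points at the same hook, not a patch of executable kernel code."""
    by_addr = {addr: name for name, addr in hooks.items()}
    result = []
    for p in patches:
        ptr = int.from_bytes(p["bytes"], "little") if p["size"] == 4 else None
        result.append((p["symbol"], by_addr.get(ptr)))
    return result
```

Running parse_gmer over a complete saved GMER log gives the same three views for the whole file; entries whose pointer matches no SSDT handler are the ones worth a closer look.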
14.02.2013, 17:31 | #12 |
/// TB-Ausbilder | Swiss variant of the GVU trojan on a netbook
Hi, that all looks good. We will check everything once more. After that we remove all the tools we used and I will give you a few tips to take along.

Step 1: Fix with OTL
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Commands
[emptytemp]

Step 2: Please download Malwarebytes Anti-Malware

Step 3: ESET Online Scanner

Step 4: Please download SecurityCheck and:

Please post with your next reply
|
19.02.2013, 14:15 | #13 |
/// TB-Ausbilder | Swiss variant of the GVU trojan on a netbook
Missing reply
This thread has been removed from my subscriptions, so I no longer receive notifications about new replies. Send me a PM if you still want to continue.
Note: The disappearance of the symptoms does not mean that your computer is already clean.
Everyone else, please click here and create your own thread! |