| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner und keine Ahnung...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.04.2013, 09:38
| #1 |
 |  GVU-Trojaner und keine Ahnung... ... ... wie nun weiter. Hallo, ich habe mich schon durch einige Beiträge mit dem gleichen Trojaner durchgelesen, aber ich komme trotzdem nicht weiter. Seit 2 Tagen hat sich nun auch auf meinem Netbook dieser Trojaner breit gemacht. Wenn ich aber hartnäckig bleibe und mein Netbook mehrmals starte, komme ich doch irgendwann ins Internet. Ich weiß nun aber nicht, wie ich irgendwelche Logs oder ein Sample oder sowas anlege... Mittlerweile bin ich ein Stück weiter, Dank der wirklich ausführlichen Beschreibung hier in den Foren und der Schritt für Schritt Anweisungen. Mein Netbook startet zumindest wieder. Wenn ich das aber richtig gedeutet habe, ist mein Problem damit noch nicht behoben? Ich habe das Anti-Malware-Programm durchlaufen lassen und dies ist das Ergebnis: Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.03.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Anja :: ANJANARVIK [Administrator] Schutz: Aktiviert 03.04.2013 09:47:53 mbam-log-2013-04-03 (09-47-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 237980 Laufzeit: 21 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe (Trojan.Agent.Gen) -> Daten: C:\DOKUME~1\ALLUSE~1\ANWEND~1\rundll32.exe C:\DOKUME~1\ALLUSE~1\ANWEND~1\fo3to8.dat,FG00 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fo3to8.dat (Trojan.Agent.NR) -> Löschen bei Neustart. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Wie geht es nun weiter? Liebe Grüße und jetzt schon mal Danke für die Hilfe Anja |
|
03.04.2013, 11:28
| #2 |
| /// Malwareteam / Visitor  | GVU-Trojaner und keine Ahnung... Hallo Anja ich bin smeenk und ich werde versuchen dir mit deinem Problem zu helfen
__________________ Ich möchte gerne einige Logfiles von dir empfangen  Schritt 1 Bitte lade dir ZOEK auf deinen Desktop und starte es. Falls ihre virenscanner reklamiert kannst du das ignorieren, unsere tools werden öfter falsch angezeigt.
Schritt 2 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
Bitte alles nach Möglichkeit hier in CODE-Tags posten  |
|
03.04.2013, 12:00
| #3 |
| | GVU-Trojaner und keine Ahnung... Hallo smeenk,
__________________vielen Dank für deine Antwort, werde mich gleich ran machen. Frage mich zwar, was CODE-Tags sind, aber ich schau mal, was mir die beiden Programme auswerfen ;-) ZOEK nach vielen Versuchen endlich auf dem Desktop installiert bekommen, aber es startet nicht :-( Wenn ich auf Run Script klicke, kommt Internet Explorer Scriptfehler ... URL: file:///C:/DOKUME~1/Anja/LOKALE~1/Temp/zoek.hta Frage, ob das Script weiterhin ausgeführt werden soll, beantworte ich mit Ja, aber nix passiert Geändert von Narvik (03.04.2013 um 12:14 Uhr) |
|
03.04.2013, 12:09
| #4 | |
| /// Malwareteam / Visitor | GVU-Trojaner und keine Ahnung... Code tags kann man so machen: [code] Logfile hier [/code] Zitat:
|
|
03.04.2013, 13:19
| #5 |
| | GVU-Trojaner und keine Ahnung... Hmmm, nun läuft das schon fast seit einer Stunde, aber ich habe den Eindruck, dass sich da nix tut. Auch wenn da steht: Zoek.exe is running now. Do not start any browser windows, they will be closed automatically. Please wait! This window will close when finished. A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log Wie lange dauert das denn so im Schnitt? |
|
03.04.2013, 13:22
| #6 |
| /// Malwareteam / Visitor | GVU-Trojaner und keine Ahnung... Kuck mal C:\zoek-results.log nach ob da schon etwas drin ist und poste es mir |
|
03.04.2013, 15:23
| #7 |
| | GVU-Trojaner und keine Ahnung...Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 31-03-2013
Tool run by Anja on 03.04.2013 at 13:32:09,04.
Running in: Normal Mode Internet Access Detected
Ich bekomme leider noch nicht mal mehr das Programm gestartet, ich werf gleich mein Netbook aus dem Fenster... |
|
03.04.2013, 15:54
| #8 |
| /// Malwareteam / Visitor | GVU-Trojaner und keine Ahnung... Nicht ganz was ich erwartet hatte  Mach weiter mit OTL, wenn du Zoek nicht runterfahren kannst dein Computer neustarten |
|
03.04.2013, 16:16
| #9 |
| | GVU-Trojaner und keine Ahnung... Es tut sich was... Ich muss anscheinend nur hartnäckig genug sein. Installieren, deinstallieren... neustarten... Aber im Log steht was. Allerdings weiß ich nicht, ob der fertig ist... Wollte mal grade in alten Postings nur schauen, ob die Einträge irgendwie ein einheitliches Ende haben ;-) Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 31-03-2013
Tool run by Anja on 03.04.2013 at 16:29:45,28.
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICQ Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ICQ Service deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
user_pref("extensions.enabledAddons", "%7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2");
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user__1650_.backup
prefs__1650_.backup
==== Deleting Files \ Folders ======================
"C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Programme\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Programme\Mozilla Firefox\searchplugins\Search_Results.xml" deleted
"C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\searchplugins\Search_Results.xml" deleted
"C:\Programme\Search Results Toolbar\Datamngr\datamngrUI.exe" deleted
"C:\Programme\Elf_1.13" deleted
"C:\Programme\ICQ6Toolbar" deleted
"C:\Programme\Search Results Toolbar" not deleted
"C:\Programme\Conduit" deleted
"C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\PriceGong" deleted
"C:\Programme\Search Results Toolbar\Datamngr" not deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOKUME~1\Anja\LOKALE~1\Temp ====
2013-04-03 08:29:01 72412B526BCC716382E62B7939DCFD8F 1085952 ----a-w- C:\DOKUME~1\Anja\LOKALE~1\Temp\SRAssetsHelper.dll
2013-04-03 08:28:56 2304BF0FF7B559373BE4645A09F34F3E 1635328 ----a-w- C:\DOKUME~1\Anja\LOKALE~1\Temp\installhelper.dll
2013-04-01 18:48:17 4D96CDEFC029825F943CD6CEC5600997 1571065 ----a-w- C:\DOKUME~1\Anja\LOKALE~1\Temp\{98D20EBB-927B-441C-8066-20FC3ADC6BEB}-GoogleEarth-Win-Bundle-7.0.3.8542.exe
====== C:\WINDOWS\system32 =====
2013-03-21 19:31:37 1FBCCC1C540ACC4EB3F718B659ED63CA 693976 ----a-w- C:\WINDOWS\System32\FlashPlayerApp.exe
====== C:\WINDOWS\system32\drivers =====
2013-04-03 07:41:40 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-04-02 22:08:38 C940F10C31E2C60CC967FFD6A370720C 142496 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
2013-04-02 22:08:38 8378774ABC9CAA2C60B298AE0C084FB7 7446 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
2013-04-02 22:08:38 2A8DCC2EC2AC5C0588F818B16E606CED 806 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT.INF
2013-03-18 19:31:16 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
====== C:\WINDOWS\Tasks ======
2013-03-21 19:31:38 3176F1847BB3476FA13561797A1D686B 884 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
====== C:\WINDOWS\Temp ======
======= C:\Programme =====
2013-04-03 08:28:59 -------- d-----w- C:\Programme\Search Results Toolbar
2013-04-03 08:28:20 -------- d-----w- C:\Programme\jZip
======= C: =====
====== C:\Dokumente und Einstellungen\Anja\Anwendungsdaten ======
2013-04-03 08:29:33 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert
2013-04-03 08:29:12 -------- d-----w- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\jziptoolbargaw
2013-04-03 08:29:00 -------- d-----w- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\jZip
2013-04-02 22:26:18 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
2013-04-02 22:05:24 -------- d-----w- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\Avg2013
2013-04-02 19:56:32 -------- d-----w- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\TuneUp Software
2013-04-02 19:55:19 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013
2013-04-02 19:48:28 -------- d--h--w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
2013-04-02 19:48:28 -------- d-----w- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\MFAData
2013-04-02 19:48:28 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
2013-04-01 18:46:30 6160CDC7B10A089E612E7AA860D5CC98 95023320 ----atw- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8ot3of.pad
====== C:\Dokumente und Einstellungen\Anja ======
====== C: exe-files ==
2013-04-03 11:15:03 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Dokumente und Einstellungen\Anja\Desktop\OTL.exe
2013-04-03 08:28:55 E36C77166AD9D7E4E280489AF13D1A3A 812880 ----a-w- C:\Programme\jZip\change.exe
2013-04-03 08:28:55 5979846710B90465BEB465C0751133B1 3595088 ----a-w- C:\Programme\jZip\jZip.exe
2013-04-02 19:49:01 DF5ADF896EE6C175C0B298BBA14BED49 42104 ----a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData\SelfUpd\avguirux.exe
2013-04-02 19:49:01 A2DD738C3E673E76E5EA538702414BB7 15480 ----a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData\SelfUpd\avgrdtestx.exe
2013-04-02 19:49:00 C44F12B72DF42A037E65713B0F50B9D8 7330384 ----a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData\SelfUpd\avgmfapx.exe
2013-04-02 19:48:57 150DE281AA5F4DA6FECAB535F93EC7F4 270968 ----a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData\SelfUpd\avgrunasx.exe
2013-04-02 19:48:57 0214EC38CFEF72AA54F5243F9D689F04 621176 ----a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData\SelfUpd\avgntdumpx.exe
2013-04-02 10:47:15 D13879F9A51F6F8C6AC33A5B86694E9F 24449680 ----a-w- C:\Programme\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.3.8542.exe
2013-04-01 18:48:17 4D96CDEFC029825F943CD6CEC5600997 1571065 ----a-w- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Temp\{98D20EBB-927B-441C-8066-20FC3ADC6BEB}-GoogleEarth-Win-Bundle-7.0.3.8542.exe
=== C: other files ==
2013-04-03 07:41:40 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2013-04-02 22:09:17 1277AD8F053CC60C17CAFAB411F3CF40 134304 ----a-r- C:\WINDOWS\system32\drivers\NST\7DD03000.01A\ccSetx86.sys
2013-04-02 22:08:38 C940F10C31E2C60CC967FFD6A370720C 142496 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2013-04-02 22:08:15 FE9BD381778A344F0E39AE2D5E607D7F 32344 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\srtspx.sys
2013-04-02 22:08:15 EC979002EBA25C9D109B2FE0E03457DA 394656 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\symtdi.sys
2013-04-02 22:08:15 93DE018EC6FBAA9A58FF9F2EB9198092 350368 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\symtdiv.sys
2013-04-02 22:08:15 6EA77FF0CE4E839EA8B1CEA5F5B28C00 367704 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\SymDS.sys
2013-04-02 22:08:15 40D7124FB57EB208E3DD56A73545FB64 21400 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\SymELAM.sys
2013-04-02 22:08:15 21698476A90ACAA056B8CFE09A82785F 338592 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\symnets.sys
2013-04-02 22:08:15 1773FB2920EBB3A8BAD0360618091470 934488 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\SymEFA.sys
2013-04-02 22:08:14 8C9B9036E301A9965CF15BEC91C58A12 175264 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\Ironx86.sys
2013-04-02 22:08:14 1277AD8F053CC60C17CAFAB411F3CF40 134304 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\ccSetx86.sys
2013-04-02 22:08:14 0A8F71E1DB5432A5B9285111421E77EC 602712 ----a-r- C:\WINDOWS\system32\drivers\NAV\1403000.024\srtsp.sys
2013-04-02 19:56:40 5BF69764C718DEDBF6ED40C805E9FB74 323 ----a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013\IDS\config\quarantinedList.zip
==== Firefox Extensions ======================
ProfilePath: C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default
- Undetermined - C:\Programme\Search Results Toolbar\Datamngr\FirefoxExtension
- Search-Results Toolbar - %ProfilePath%\extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi
==== Firefox Plugins ======================
Profilepath: C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default
47299371607DC2FB234444EEACB1639E - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
E971E06DDE68684CB3957C5D0E133CB0 - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
E0FF893763BA82BAABB869A351F0C455 - C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
A5C14075B571AF1C9592595BE724D9D2 - C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In
667CB7D2CAF917608421E5250462C0AA - C:\Programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
667CB7D2CAF917608421E5250462C0AA - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
DEEB200AA66D28FFA51F058B6188383C - C:\Programme\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9
1235A453E19E57803BF610FB1982ADCA - C:\Programme\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9
A0EB7E853F9D66F55F82BCE4DDEC4B9F - C:\Programme\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9
E660A02B8CB7270E41B7BAFE1BD6B985 - C:\Programme\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9
2C491C350092162D4606A70E8ABBC024 - C:\Programme\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9
9005F853AED82932A78971E8C1574298 - C:\Programme\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9
1C54A3E20123C232C621DB55AD98CEB9 - C:\Programme\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9
7A1E2AF50DDCDD49C114C1099DBEF6E1 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.50.255
D0DA6B2FB50A0667CF4BACC2AEFEA009 - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U5
45D7F2FABDFD500E3C35DC068B552544 - d:\Programme\Google\Picasa3\npPicasa3.dll - Picasa
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
38A1E65626558B8776C3546BE4491993 - C:\Programme\Windows Media Player\npdrmv2.dll - Microsoft® DRM
AE3A029E3DC4EEB5EF5A4C2C997F78F8 - C:\Programme\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
1D187905079ACC40C420E7C8BD167731 - C:\Programme\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
F630B4A9D9C1AAF6BBABBB41E9BD45B5 - C:\WINDOWS\system32\npptools.dll - Betriebssystem Microsoft® Windows®
2AA3703D87E1327A2290C9D416D89A28 - C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight
==== Deleting Files \ Folders ======================
"C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nppllibpnmahfaklnpggkibhkapjkeob - C:\Programme\Norton Identity Safe\Engine\2013.3.0.26\Exts\Chrome.crx[07.03.2013 07:26]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.searchnu.com/102"
"Search Bar"="hxxp://www.google.com/ie"
"Default_Page_URL"="hxxp://www.vodafone.de"
"ICQ Search"="hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="hxxp://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\ICQ\\ICQNewTab\\newTab.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com/ie"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"ICQ Search"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6552C7DD-90A4-4387-B795-F8F96747DE19} ICQ Search Url="hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
{6552C7DD-90A4-4387-B795-F8F96747DE19} ICQ Search Url="hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SUNC_deDE387"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully
HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} deleted successfully
==== Empty IE Cache ======================
C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully
C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully
C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Temporary Internet Files\Content.IE5\06SARSG1 will be deleted at reboot
C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9O03SV2Y will be deleted at reboot
C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
Geändert von Narvik (03.04.2013 um 16:33 Uhr) |
|
03.04.2013, 17:05
| #10 | |
| /// Malwareteam / Visitor | GVU-Trojaner und keine Ahnung...Zitat:
 Mach mal ein Neustart und mach dann Schritt 2: OTL |
|
03.04.2013, 17:26
| #11 | |
| | GVU-Trojaner und keine Ahnung... OTL.Txt-Editor: Code:
ATTFilter OTL logfile created on: 03.04.2013 17:29:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Anja\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,04 Mb Total Physical Memory | 269,89 Mb Available Physical Memory | 26,61% Memory free 2,38 Gb Paging File | 1,48 Gb Available in Paging File | 62,07% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 50,00 Gb Total Space | 26,02 Gb Free Space | 52,04% Space Free | Partition Type: NTFS Drive D: | 95,05 Gb Total Space | 77,60 Gb Free Space | 81,65% Space Free | Partition Type: NTFS Computer Name: ANJANARVIK | User Name: Anja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.03 13:15:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anja\Desktop\OTL.exe PRC - [2013.03.11 14:24:25 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.02.08 13:25:48 | 002,563,968 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe PRC - [2013.02.08 13:21:32 | 003,235,200 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe PRC - [2012.12.24 06:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe PRC - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.04.27 16:50:00 | 000,603,536 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK32.EXE PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.08.05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneBusEnum.exe PRC - [2010.03.25 02:32:30 | 002,499,584 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.02.26 14:03:50 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\SPLASH.SYS\config\DVMExportService.exe PRC - [2009.02.04 13:47:06 | 000,724,992 | ---- | M] (BIT LEADER) -- C:\Programme\lg_swupdate\Gilautouc.exe PRC - [2008.12.01 09:45:10 | 000,532,480 | ---- | M] (Vimicro) -- C:\Programme\USB Camera\VM331_STI.EXE PRC - [2008.09.12 15:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.09.12 11:45:04 | 001,056,768 | ---- | M] (LG Electronics Inc.) -- C:\Programme\LG Software\IP Operator\IP Operator.exe PRC - [2008.09.05 11:03:56 | 000,069,632 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe PRC - [2008.09.05 11:03:48 | 000,241,664 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.02.02 17:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe ========== Modules (No Company Name) ========== MOD - [2013.03.21 21:31:36 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.03.11 14:24:25 | 003,069,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.02.17 12:35:16 | 001,552,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\16d96fa21c44ef1de674ebe65c3767d9\VMC.ConnectionServices.ni.dll MOD - [2013.02.17 12:35:06 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\3ea28b6f94d401a40e7d6e9ece07aaf8\VMC.BaseServices.XmlSerializers.ni.dll MOD - [2013.02.17 12:35:04 | 000,492,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\dc89418887f3d953d0ee5c7214abbd4f\VMC.BaseServices.DataAccessor.ni.dll MOD - [2013.02.17 12:35:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll MOD - [2013.02.14 23:17:52 | 000,497,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e0cfaf81333fa378654f35291ebd0ce7\VMC.ConnectionServicesInterface.ni.dll MOD - [2013.02.14 23:17:49 | 000,946,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\41a68a507ac01b6a9841e0d747038070\VMC.BaseServices.Platform.ni.dll MOD - [2013.02.14 23:17:45 | 000,357,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\7765a5d102483b64924d5a5b56b9c780\VMC.UI.CommonDialogs.ni.dll MOD - [2013.02.14 23:17:37 | 004,333,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileConnect\9f463d42cb12831b01c0b262cb9e247a\MobileConnect.ni.exe MOD - [2013.02.14 23:15:54 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll MOD - [2013.01.17 21:15:34 | 000,248,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\d079f604d92a6a7aa198d7fbe58b6878\VMC.WindowsService.Core.ni.dll MOD - [2013.01.17 21:15:33 | 000,715,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\06f5849355aba14ac71aa227acd6d3ae\VMC.WwanWrapper.ni.dll MOD - [2013.01.17 21:15:31 | 000,329,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CancelAutoPlay\3a28a96c1128d8035ddacf9f5fda6f73\CancelAutoPlay.ni.dll MOD - [2013.01.17 21:15:31 | 000,050,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\9d2b216400b7e2f8d532373991013d43\VMC.ConnectionServices.TrafficOptimiser.ni.dll MOD - [2013.01.17 21:15:30 | 000,247,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\5ad748bd831bfed896e21d17108b7dee\VMC.CsUtil.ni.dll MOD - [2013.01.17 21:15:29 | 000,101,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\98b17f15af5d386ce9a5ae6b702d0e25\Interop.Shell32.ni.dll MOD - [2013.01.17 21:15:20 | 000,031,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\b52edd0c24bbee86f5b1615c7620f315\VMC.BaseServices.OutlookConnector.ni.dll MOD - [2013.01.17 21:15:18 | 000,218,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\f8299d436022a352075afdc803d8973f\Interop.FNCClient11Lib.ni.dll MOD - [2013.01.17 21:15:10 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll MOD - [2013.01.17 21:15:07 | 000,070,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\13e2845c0da0e2fc2fc77fb0521f0d7f\VMC.WindowsService.Messaging.ni.dll MOD - [2013.01.17 21:14:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll MOD - [2013.01.17 21:14:19 | 000,684,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll MOD - [2013.01.17 21:14:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll MOD - [2013.01.10 13:07:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013.01.10 13:06:48 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll MOD - [2013.01.10 13:03:35 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.01.10 13:02:46 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2012.05.30 17:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Identity Safe\Engine\2013.3.0.26\wincfi39.dll MOD - [2010.11.21 16:54:34 | 000,094,208 | ---- | M] () -- d:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2009.05.13 11:32:00 | 000,943,104 | ---- | M] () -- C:\Programme\Ipswitch\WS_FTP 12\libeay32.dll MOD - [2009.05.13 11:32:00 | 000,147,968 | ---- | M] () -- C:\Programme\Ipswitch\WS_FTP 12\ssleay32.dll MOD - [2008.10.10 10:43:56 | 000,348,160 | ---- | M] () -- C:\WINDOWS\system32\bmpsap.dll MOD - [2008.05.30 13:26:52 | 000,069,632 | R--- | M] () -- C:\Programme\Vodafone Music Manager\VFShell.dll MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2005.04.26 19:30:40 | 000,114,688 | ---- | M] () -- C:\Programme\lg_swupdate\DMBUSB.dll MOD - [2005.03.04 16:53:00 | 000,045,056 | ---- | M] () -- C:\Programme\lg_swupdate\RecogVFD.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\fo3to8.dat -- (winmgmt) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.03.22 08:18:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.11 14:24:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.08 13:21:32 | 003,235,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2012.12.24 06:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe -- (NCO) SRV - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe -- (NAV) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.08.05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Zune\ZuneBusEnum.exe -- (ZuneBusEnum) SRV - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.02.26 14:03:50 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES) SRV - [2008.09.12 15:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.09.05 11:03:56 | 000,069,632 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Programme\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lgodd_filter.sys -- (lgodd_filter) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.04.03 00:08:38 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013.04.02 12:30:32 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130402.025\NAVEX15.SYS -- (NAVEX15) DRV - [2013.04.02 12:30:32 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013.04.02 12:30:32 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.04.02 12:30:32 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130402.025\NAVENG.SYS -- (NAVENG) DRV - [2013.03.30 05:26:56 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130402.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2013.03.22 03:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.01.30 21:18:18 | 000,394,656 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403000.024\symtdi.sys -- (SYMTDI) DRV - [2013.01.30 21:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1403000.024\SymEFA.sys -- (SymEFA) DRV - [2013.01.28 19:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1403000.024\srtsp.sys -- (SRTSP) DRV - [2013.01.28 19:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403000.024\srtspx.sys -- (SRTSPX) DRV - [2013.01.21 20:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1403000.024\SymDS.sys -- (SymDS) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.16 05:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NST\7DD03000.01A\ccSetx86.sys -- (ccSet_NST) DRV - [2012.11.15 20:22:02 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403000.024\Ironx86.sys -- (SymIRON) DRV - [2012.11.15 20:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403000.024\ccSetx86.sys -- (ccSet_NAV) DRV - [2011.07.24 21:02:52 | 000,018,184 | ---- | M] (OTi.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Usbnic.sys -- (Usbnic) DRV - [2010.03.11 09:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 09:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2010.03.01 18:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2009.08.18 13:06:56 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2009.03.09 10:39:46 | 000,997,888 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs) DRV - [2009.02.03 10:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008.10.30 14:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.10.10 10:46:22 | 000,007,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgsnd_filter.sys -- (lgsnd_filter) DRV - [2008.09.08 12:22:02 | 000,076,840 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2gps.sys -- (emc2gps) DRV - [2008.09.05 15:39:04 | 000,404,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2mdm2.sys -- (emc2mdm2) DRV - [2008.09.05 15:39:04 | 000,368,000 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2unic.sys -- (emc2unic) DRV - [2008.09.05 15:39:04 | 000,360,192 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2mdm.sys -- (emc2mdm) DRV - [2008.09.05 15:39:04 | 000,025,856 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2nd5.sys -- (emc2nd5) DRV - [2008.09.05 15:39:04 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2mdfl2.sys -- (emc2mdfl2) DRV - [2008.09.05 15:39:04 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2mdfl.sys -- (emc2mdfl) DRV - [2008.09.05 15:39:02 | 000,351,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2card.sys -- (emc2card) DRV - [2008.09.05 15:39:02 | 000,276,352 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2bus.sys -- (emc2bus) DRV - [2008.09.05 11:08:14 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter) DRV - [2008.08.22 11:25:14 | 000,308,608 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se) DRV - [2008.08.07 16:23:22 | 000,024,104 | R--- | M] (Sony Ericsson) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emc2scard.sys -- (Sony_EricssonWWSC) DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.04.03 18:38:40 | 000,015,232 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisipo.sys -- (Ndisipo) DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LGEL IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SUNC_deDE387 IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.quadportal-brandenburg.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=133&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=1025687346264913&o=APN10646&q=" FF - prefs.js..network.proxy.no_proxies_on: "fritz.box,192.168.178.1" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.09.07 08:41:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn\ [2013.04.03 00:10:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013.04.03 17:24:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.11 14:24:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smstoolbar@vodafone.de: C:\Programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\Firefox [2009.03.20 13:05:38 | 000,000,000 | ---D | M] [2013.04.03 16:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Extensions [2013.04.03 16:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\extensions [2013.03.22 10:56:12 | 000,549,639 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\extensions\toolbar@web.de.xpi [2012.07.02 11:56:34 | 000,000,853 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\searchplugins\11-suche.xml [2012.07.02 11:56:35 | 000,002,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\searchplugins\englische-ergebnisse.xml [2012.07.02 11:56:34 | 000,010,506 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\searchplugins\gmx-suche.xml [2012.07.02 11:56:35 | 000,002,368 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\searchplugins\lastminute.xml [2012.07.02 11:56:34 | 000,005,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Mozilla\Firefox\Profiles\jj0p8jvu.default\searchplugins\webde-suche.xml [2013.04.03 16:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.11 14:24:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.28 14:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.14 11:34:51 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.28 14:33:40 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 14:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 14:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 14:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Programme\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Vodafone SMS Toolbar) - {27743AB1-8A7C-442A-8F10-AE39E2F26538} - C:\Programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\IE\SMSToolbar.dll (Vodafone) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Programme\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE File not found O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [batterymiser] C:\Program Files\LG Software\Battery Miser\batterymiser.exe (LG Electronics Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE File not found O4 - HKLM..\Run: [Ettin] C:\WINDOWS\system32\Ettin\EtEngineU.exe File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IPO3] C:\Programme\LG Software\IP Operator\IP Operator.exe (LG Electronics Inc.) O4 - HKLM..\Run: [KeybdUtility] C:\Programme\LG Software\On Screen Display\HotKey.exe (LG Electronics) O4 - HKLM..\Run: [LG Intelligent Update] C:\Programme\lg_swupdate\autoupdate.exe (BIT LEADER) O4 - HKLM..\Run: [LG Magnifier] C:\Programme\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [zOSD] C:\Programme\LG Software\On Screen Display\HotKey.exe (LG Electronics) O4 - HKLM..\Run: [Zune Launcher] C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2367859620-1397157102-713918328-1005..\Run: [Emusatupow] "C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Ikus\iruf.exe" File not found O4 - HKU\S-1-5-21-2367859620-1397157102-713918328-1005..\Run: [SRSTrayApp] C:\Programme\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe (SRS Labs, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\Vodafone Videothek.url () O4 - Startup: C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Autostart\Vodafone Videothek.url () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Send MMS - C:\Programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\IE\SMSToolbar.dll (Vodafone) O8 - Extra context menu item: Send SMS - C:\Programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\IE\SMSToolbar.dll (Vodafone) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/62.08/uploader2.cab (UploadListView Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://wettiner-ring.dyndns.org:82/activex/AMC.cab (AxisMediaControlEmb Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDEAA99D-466A-4E7D-AA54-F4F6BF5D3451}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49A5303-61C6-4225-BEF7-46CA84E0D2B5}: DhcpNameServer = 192.168.0.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D70F56C2-52B1-4320-BB59-7911D29BCBB3}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF66E0D1-4805-4742-BE93-F22FBC27F43E}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20 - AppInit_DLLs: (C:\DOKUME~1\ALLUSE~1\ANWEND~1\Wincert\WIN32C~1.DLL) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert\win32cert.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\WINDOWS\system32\bmpsap.dll () O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O29 - HKLM SecurityProviders - (schannel.dll) - File not found O29 - HKLM SecurityProviders - (digest.dll) - File not found O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.19 16:41:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 17:09:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2013.04.03 16:47:03 | 000,000,000 | ---D | C] -- C:\zoek [2013.04.03 13:15:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anja\Desktop\OTL.exe [2013.04.03 10:29:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert [2013.04.03 10:29:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\jziptoolbargaw [2013.04.03 10:29:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\jZip [2013.04.03 10:28:20 | 000,000,000 | ---D | C] -- C:\Programme\jZip [2013.04.03 09:42:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Malwarebytes [2013.04.03 09:41:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.03 09:41:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.04.03 09:41:40 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.03 09:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.04.03 00:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2013.04.03 00:26:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Online Backup [2013.04.03 00:26:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec [2013.04.03 00:09:17 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.sys [2013.04.03 00:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST [2013.04.03 00:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A [2013.04.03 00:08:52 | 000,000,000 | ---D | C] -- C:\Programme\Norton Identity Safe [2013.04.03 00:08:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Identity Safe [2013.04.03 00:08:38 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2013.04.03 00:08:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Symantec Shared [2013.04.03 00:08:38 | 000,000,000 | ---D | C] -- C:\Programme\Symantec [2013.04.03 00:08:15 | 000,934,488 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymEFA.sys [2013.04.03 00:08:15 | 000,394,656 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\symtdi.sys [2013.04.03 00:08:15 | 000,367,704 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymDS.sys [2013.04.03 00:08:15 | 000,350,368 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\symtdiv.sys [2013.04.03 00:08:15 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\symnets.sys [2013.04.03 00:08:15 | 000,032,344 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\srtspx.sys [2013.04.03 00:08:15 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymELAM.sys [2013.04.03 00:08:14 | 000,602,712 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\srtsp.sys [2013.04.03 00:08:14 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\Ironx86.sys [2013.04.03 00:08:14 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1403000.024\ccSetx86.sys [2013.04.03 00:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV [2013.04.03 00:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1403000.024 [2013.04.03 00:07:05 | 000,000,000 | ---D | C] -- C:\Programme\Norton AntiVirus [2013.04.03 00:07:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton AntiVirus [2013.04.03 00:07:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton [2013.04.03 00:05:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\Avg2013 [2013.04.03 00:04:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.03 00:00:36 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2013.04.03 00:00:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller [2013.04.02 21:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\TuneUp Software [2013.04.02 21:55:20 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.04.02 21:55:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013 [2013.04.02 21:48:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2013.04.02 21:48:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\MFAData [2013.04.02 21:48:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2013.04.02 12:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2013.03.21 21:31:37 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.03.21 21:09:16 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013.03.11 14:24:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.03 17:48:52 | 000,000,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Eigene Dateien\spider.sav [2013.04.03 17:41:13 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.04.03 17:34:33 | 000,000,406 | -H-- | M] () -- C:\dvmexp.idx [2013.04.03 17:27:11 | 000,000,930 | ---- | M] () -- C:\WINDOWS\lgcenter.ini [2013.04.03 17:24:17 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.04.03 17:23:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.03 17:23:46 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 17:18:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.03 16:29:36 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe [2013.04.03 16:29:20 | 001,266,704 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Desktop\zoek.exe [2013.04.03 13:15:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anja\Desktop\OTL.exe [2013.04.03 10:29:21 | 000,000,634 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Desktop\jZip.lnk [2013.04.03 09:41:50 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 09:22:49 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8ot3of.pad [2013.04.03 00:26:17 | 000,001,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton Online Backup.lnk [2013.04.03 00:10:10 | 000,628,404 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\Cat.DB [2013.04.03 00:08:38 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2013.04.03 00:08:38 | 000,007,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2013.04.03 00:08:38 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2013.04.03 00:08:24 | 000,001,849 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton AntiVirus.LNK [2013.04.02 23:02:21 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6FF68B01-322F-4084-B9C7-864E5BF6CABB}.job [2013.04.02 12:49:36 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2013.04.01 20:46:35 | 000,000,794 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Startmenü\Programme\Autostart\msconfig.lnk [2013.04.01 20:17:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.03.22 08:18:50 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.03.22 08:18:50 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.03.18 21:31:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2013.03.14 17:21:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.03 17:09:58 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe [2013.04.03 16:29:19 | 001,266,704 | ---- | C] () -- C:\Dokumente und Einstellungen\Anja\Desktop\zoek.exe [2013.04.03 10:29:21 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Anja\Startmenü\Programme\jZip.lnk [2013.04.03 10:29:20 | 000,000,634 | ---- | C] () -- C:\Dokumente und Einstellungen\Anja\Desktop\jZip.lnk [2013.04.03 09:41:50 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 00:26:17 | 000,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton Online Backup.lnk [2013.04.03 00:19:37 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\VT20130115.021 [2013.04.03 00:09:25 | 000,628,404 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\Cat.DB [2013.04.03 00:08:55 | 000,007,611 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccsetx86.cat [2013.04.03 00:08:55 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.inf [2013.04.03 00:08:55 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\isolate.ini [2013.04.03 00:08:38 | 000,007,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2013.04.03 00:08:38 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2013.04.03 00:08:24 | 000,001,849 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton AntiVirus.LNK [2013.04.03 00:07:44 | 000,003,434 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymEFA.inf [2013.04.03 00:07:44 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymDS.inf [2013.04.03 00:07:44 | 000,001,468 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymNetV.inf [2013.04.03 00:07:44 | 000,001,440 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymNet.inf [2013.04.03 00:07:44 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\srtspx.inf [2013.04.03 00:07:44 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\srtsp.inf [2013.04.03 00:07:44 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\symELAM.inf [2013.04.03 00:07:44 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\ccSetx86.inf [2013.04.03 00:07:44 | 000,000,737 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\Iron.inf [2013.04.03 00:07:11 | 000,014,818 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymVTcer.dat [2013.04.03 00:07:11 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymELAM.cat [2013.04.03 00:07:11 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\symnetv.cat [2013.04.03 00:07:11 | 000,007,611 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\ccsetx86.cat [2013.04.03 00:07:11 | 000,007,601 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymNet.cat [2013.04.03 00:07:11 | 000,007,593 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\iron.cat [2013.04.03 00:07:11 | 000,007,583 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymEFA.cat [2013.04.03 00:07:11 | 000,007,581 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\srtspx.cat [2013.04.03 00:07:11 | 000,007,577 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\SymDS.cat [2013.04.03 00:07:11 | 000,007,577 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\srtsp.cat [2013.04.03 00:07:11 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1403000.024\isolate.ini [2013.04.02 12:49:36 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2013.04.01 20:46:35 | 000,000,794 | ---- | C] () -- C:\Dokumente und Einstellungen\Anja\Startmenü\Programme\Autostart\msconfig.lnk [2013.04.01 20:46:30 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8ot3of.pad [2013.03.21 21:31:38 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.03.18 21:31:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2013.01.31 14:45:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.15 00:23:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.07.24 21:02:51 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\Lan2108.dll [2011.07.24 21:02:51 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\Lan2208.dll [2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2009.11.03 16:29:15 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.03.20 12:56:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 07:35:26 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras.Txt-Editor: Code:
ATTFilter OTL Extras logfile created on: 03.04.2013 17:29:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Anja\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,04 Mb Total Physical Memory | 269,89 Mb Available Physical Memory | 26,61% Memory free
2,38 Gb Paging File | 1,48 Gb Available in Paging File | 62,07% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,00 Gb Total Space | 26,02 Gb Free Space | 52,04% Space Free | Partition Type: NTFS
Drive D: | 95,05 Gb Total Space | 77,60 Gb Free Space | 81,65% Space Free | Partition Type: NTFS
Computer Name: ANJANARVIK | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"
[HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\Ettin\ETEngineU.exe" = C:\WINDOWS\system32\Ettin\ETEngineU.exe:*:Enabled:Smart Link Application
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614583C-9235-49AE-BDFD-24E642FB63C0}" = Ericsson F3507g Wireless Module
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28F39401-7ED4-43D7-AE2D-DBA4368BE3A8}" = WOW HD and TSXT Filter Driver
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B3ADDDE-6841-4D5B-A655-CFB6C832430B}" = IP Operator
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7F7AE0A7-D2DF-44A0-BD20-33C53710FBAF}" = LG Magnifier
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{953DC150-779B-4185-9018-C98A7C511999}" = Vodafone Music Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC73C2D7-D10C-40F5-AD67-3E957EE9B6BC}" = On Screen Display
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = FS13FF-183
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC4FA43B-BE54-48AF-8B62-D0C00E2D1D15}" = LG Smart Recovery
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E55C8F84-160B-41FA-9D41-6210801C0C24}" = Battery Miser
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{FCF7655B-62C3-4C16-A12D-CC84B33493FB}" = LG Smart On
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BVSSOLDE_is1" = BVS Solitaire Sammlung version 6.2.1
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"jziptoolbargaw" = Search-Results Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"Naviextras Toolbox" = Naviextras Toolbox
"NST" = Norton Identity Safe
"Picasa 3" = Picasa 3
"POIbase_is1" = POIbase 1.020
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vodafone Messenger PC" = Vodafone Messenger PC
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Xilisoft MOV Converter" = Xilisoft MOV Converter
"Zune" = Zune
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2367859620-1397157102-713918328-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"jZip" = jZip
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.04.2013 18:09:32 | Computer Name = ANJANARVIK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 03.04.2013 03:30:10 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magnifyingglass.exe, Version 1.40.0.0, fehlgeschlagenes
Modul magnifyingglass.exe, Version 1.40.0.0, Fehleradresse 0x00005372.
Error - 03.04.2013 04:22:31 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magnifyingglass.exe, Version 1.40.0.0, fehlgeschlagenes
Modul magnifyingglass.exe, Version 1.40.0.0, Fehleradresse 0x00005372.
Error - 03.04.2013 04:23:19 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 962362509.
Error - 03.04.2013 06:14:56 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magnifyingglass.exe, Version 1.40.0.0, fehlgeschlagenes
Modul magnifyingglass.exe, Version 1.40.0.0, Fehleradresse 0x00005372.
Error - 03.04.2013 06:15:01 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 962362509.
Error - 03.04.2013 07:22:09 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magnifyingglass.exe, Version 1.40.0.0, fehlgeschlagenes
Modul magnifyingglass.exe, Version 1.40.0.0, Fehleradresse 0x00005372.
Error - 03.04.2013 08:25:49 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magnifyingglass.exe, Version 1.40.0.0, fehlgeschlagenes
Modul magnifyingglass.exe, Version 1.40.0.0, Fehleradresse 0x00005372.
Error - 03.04.2013 10:20:27 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magnifyingglass.exe, Version 1.40.0.0, fehlgeschlagenes
Modul magnifyingglass.exe, Version 1.40.0.0, Fehleradresse 0x00005372.
Error - 03.04.2013 11:27:57 | Computer Name = ANJANARVIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magnifyingglass.exe, Version 1.40.0.0, fehlgeschlagenes
Modul magnifyingglass.exe, Version 1.40.0.0, Fehleradresse 0x00005372.
[ System Events ]
Error - 03.04.2013 12:04:54 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:05:24 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:06:36 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:07:06 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:07:36 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:08:06 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:08:36 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:09:06 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:09:36 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.04.2013 12:10:06 | Computer Name = ANJANARVIK | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
 Zitat:
 Schritt 2 aucvh erledigt. Mein Netbook ist nur extrem langsam (oder ich zu ungeduldig) |
|
03.04.2013, 17:53
| #12 |
| /// Malwareteam / Visitor | GVU-Trojaner und keine Ahnung...
Code:
ATTFilter :OTL
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\fo3to8.dat -- (winmgmt)
IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2367859620-1397157102-713918328-1005\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=133&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=1025687346264913&o=APN10646&q="
HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKU\S-1-5-21-2367859620-1397157102-713918328-1005..\Run: [Emusatupow] "C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Ikus\iruf.exe" File not found
O20 - AppInit_DLLs: (C:\DOKUME~1\ALLUSE~1\ANWEND~1\Wincert\WIN32C~1.DLL) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - File not found
[2013.04.03 10:29:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert
[2013.04.03 10:29:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\jziptoolbargaw
[2013.04.03 00:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2013.04.03 09:22:49 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8ot3of.pad
[2013.04.01 20:46:35 | 000,000,794 | ---- | M] () -- C:\Dokumente und Einstellungen\Anja\Startmenü\Programme\Autostart\msconfig.lnk
:Files
C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Ikus
:commands
[emptytemp]
Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
|
|
04.04.2013, 14:59
| #13 |
| | GVU-Trojaner und keine Ahnung... Hallo smeenk, ich wollte nur ein kurzes Lebenszeichen geben, nicht dass du denkst, ich habe es geschafft und bin einfach so weg. Nachdem ich gestern Abend das ganze versucht habe, musste ich dann doch in der Nacht mein Netbook ausschalten, weil ich schlafen wollte. Nun läuft das Teil seit heute morgen 7 Uhr, aber es passiert einfach nüscht. Ich kann mir nicht vorstellen, dass das sooo lange dauert. Der Quick Scan ging ja doch relativ fix. Falls es doch soooo lange dauern sollte, bitte mal kurz Bescheid geben, dann warte ich noch. Ansonsten würde ich alles abbrechen und das Spiel mit der Neuinstallation wieder beginnen. LG Anja |
|
04.04.2013, 15:28
| #14 |
| /// Malwareteam / Visitor | GVU-Trojaner und keine Ahnung... Breche den Scan mit OTL einfach ab, wir können es auch mit Zoek.exe versuchen Öffne nochmal ZOEK und kopiere untenstehende Code in das Textfeld: Code:
ATTFilter {6552C7DD-90A4-4387-B795-F8F96747DE19};c
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
"DATAMNGR"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"Emusatupow"=-;r
Search Results;ff
search-results;ff
C:\WINDOWS\System32\*.tmp;f
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8ot3of.pad;f
C:\Dokumente und Einstellungen\Anja\Startmenü\Programme\Autostart\msconfig.lnk;f
C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\jziptoolbargaw;fs
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess;fs
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert;fs
C:\Dokumente und Einstellungen\Anja\Anwendungsdaten;m6d
C:\Dokumente und Einstellungen\Anja\Anwendungsdaten\Ikus;f
Poste mir das Logfile. |
|
04.04.2013, 18:09
| #15 |
| | GVU-Trojaner und keine Ahnung... Hab ich gemacht, aber wie immer ist nicht zu erkennen, ob das Programm überhaupt arbeitet. Wenn ich auf Run klicke, kommt wieder die Fehlermeldung, das im Script ein Fehler aufgetreten ist. Also erst mal abwarten und Tee trinken... Muss ich eigentlich unter Optionen wieder Haken machen??? |
|
| Themen zu GVU-Trojaner und keine Ahnung... |
| administrator, autostart, dateien, dll, ergebnis, explorer, foren, gelöscht, hartnäckig, löschen, malwarebytes, microsoft, problem, quarantäne, rundll, rundll32.exe, run|ctfmon.exe, service, service pack 3, software, speicher, startet, test, trojan.agent.ge, trojan.agent.nr, trojaner, version, wirklich |
Textbox.
Linear-Darstellung
