|
Plagegeister aller Art und deren Bekämpfung: GUV trojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.05.2013, 16:28 | #1 |
| GUV trojaner Servus! habe mir den guv trojaner eingehandelt, wenn der abgesicherte modus aktiviert wird fährt er gleich wieder runter. bei abges. modus mit eingabehilfe finde ich die in guides beschriebenen namen nicht. habe Otl drüberlaufen lassen, hier meine ergebnisse Dateisystem auf K: wird überprüft. Der Typ des Dateisystems ist FAT. Einer der Datenträger muss auf Konsistenz überprüft werden. Sie können die Datenträgerüberprüfung abbrechen, aber es wird ausdrücklich empfohlen, den Vorgang fortzusetzen. Die Datenträgerüberprüfung wird jetzt ausgeführt. Volumeseriennummer : F4D1-0FA5 Das Dateisystem wurde überprüft. Es wurden keine Probleme festgestellt. 2041249792 Bytes Speicherplatz auf dem Datenträger insgesamt 32768 Bytes in 1 versteckten Datei(en) 294912 Bytes in 6 Ordner(n) 1683554304 Bytes in 1313 Datei(en) 357367808 Bytes auf dem Datenträger verfügbar 32768 Bytes in jeder Zuordnungseinheit 62294 Zuordnungseinheiten auf dem Datenträger insgesamt 10906 Zuordnungseinheiten auf dem Datenträger verfügbar OTL Extras logfile created on: 21.05.2013 16:55:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = k:\ Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,62 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 89,00% Memory free 7,51 Gb Paging File | 7,30 Gb Available in Paging File | 97,21% Paging File free Paging file location(s): d:\pagefile.sys 4096 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 913,09 Gb Total Space | 715,19 Gb Free Space | 78,33% Space Free | Partition Type: NTFS Drive D: | 18,42 Gb Total Space | 14,34 Gb Free Space | 77,81% Space Free | Partition Type: NTFS Drive K: | 1,90 Gb Total Space | 0,33 Gb Free Space | 17,48% Space Free | Partition Type: FAT Computer Name: IZHAKSTERN-PC | User Name: Thomas Bayer | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2901411799-3698017349-3773488547-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{019C9CAB-AD20-4753-AE63-E153EDF9DA66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{13674625-7E97-4EED-800F-E69289361617}" = dir=in | app=c:\users\thomas bayer\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{21B28B33-26FB-4821-A443-065DE295F3A2}" = protocol=6 | dir=in | app=c:\users\thomas bayer\appdata\roaming\dropbox\bin\dropbox.exe | "{30FDF8A7-37B7-4B75-9511-1C027CF5D2CC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{4B876847-910C-47F0-9F5A-25104BF14C5A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{4F3F9827-49D9-4311-B59F-0E36221AB98D}" = dir=in | app=c:\program files\ptc\pvx\i486_nt\obj\productview.exe | "{5C01F557-B3FB-4819-B2B1-022E9C7B4300}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{6BEF6231-7CB8-412E-B2CF-B1F65638F423}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{7BCF76D1-14A7-4286-A8EB-6ABBEF649E08}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{7FA46351-7431-4C94-9180-133A7B7C28E2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{804B5974-B910-4457-9142-8184D4D93C66}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{8235C80E-3D48-462F-B79B-3774A9D8012D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8959220B-7D10-4BE6-8D08-EB50F2F4ADC3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8CCFE63A-6533-4028-8651-4E6EC1DC652F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{902E72CA-E571-44EB-A959-321AE6426504}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{ACD27A88-4FAE-4B48-8EC9-DEBF5904128F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{B13D28D9-24B0-43F0-8C7B-731CF2F2F674}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C73A98DC-DCF6-42BE-8442-E47BE56F09A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C8703140-4111-417B-8541-2C7EA51B031E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{CA567EF4-181B-40D3-892E-73D67AA83C5C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{D873DE38-3B5F-44DF-A0A8-D9C0922C2059}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{E617DA21-BC3C-4824-ABCD-A9CFAD60A04A}" = protocol=17 | dir=in | app=c:\users\thomas bayer\appdata\roaming\dropbox\bin\dropbox.exe | "{EE568B89-A9EC-4ED1-ABFD-EEB59D23D1E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{F85EA75A-1E1E-4EC7-A61B-72BF802A7180}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "TCP Query User{046A4D0A-3854-4FF8-A4CF-E1533472F2CA}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe | "TCP Query User{06930550-B3A6-4EE8-8471-430DF2F25252}C:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe | "TCP Query User{3E175919-0BA6-481A-876D-0164F5727490}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{69CAD5F7-C29D-42EC-B459-4F3EE0E6D929}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{96FAD775-285D-4981-948C-CE9280776726}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{9E012A5A-E467-4822-9D21-4BAFBA7EF60F}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | "TCP Query User{ACB51F16-6885-40E9-908B-1F11085620EF}C:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe | "TCP Query User{D91E75FE-403F-4DF4-BA81-8E73721E04EC}C:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe | "UDP Query User{05871655-18B4-4BAA-B0AC-9AB8536D0058}C:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe | "UDP Query User{4099D77F-07E9-417F-A183-8F2CF6BAACB9}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | "UDP Query User{4E20AA72-3EAC-4EEF-8085-0388D01E2A26}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{603174F0-C463-40F1-9D22-0CA49BC92963}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{9B5E0CD4-C75F-4E98-B29A-7805B02CEC62}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe | "UDP Query User{A9232AF3-5B63-45DA-B057-56F8E0E37810}C:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe | "UDP Query User{B2AD60CA-D947-496B-8806-8BE88D695C11}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{CCD9AE0C-A099-41FD-BC9F-109094B3F605}C:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{84DD9D8F-7D12-4771-B537-CDEAB9157A9C}" = Creo Thumbnail Viewer 1.0 "{8C61886F-D069-46EF-A58A-76B17415D0B0}" = Facebook Video Calling 1.0.0.7153 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D829ECBD-F4C7-40B2-BF9A-9A7F0332D0A1}" = ProductView Express 9.1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock IES_is1" = ASRock IES v2.0.69 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.24 "ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Meine Dienste Software" = Meine Dienste Software "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MySSID_is1" = EXPERTool 7.13 "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PunkBusterSvc" = PunkBuster Services "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2901411799-3698017349-3773488547-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "Dropbox" = Dropbox "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.05.2013 09:32:04 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 09:55:37 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 10:10:29 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 10:15:34 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 10:26:24 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 10:29:36 | Computer Name = IzhakStern-PC | Source = System Restore | ID = 8209 Description = Error - 21.05.2013 10:39:49 | Computer Name = IzhakStern-PC | Source = EventSystem | ID = 4609 Description = Error - 21.05.2013 10:41:39 | Computer Name = IzhakStern-PC | Source = EventSystem | ID = 4609 Description = Error - 21.05.2013 10:44:16 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 10:48:13 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect VPN Client Events ] Error - 21.05.2013 10:43:36 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 21.05.2013 10:43:36 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 21.05.2013 10:43:56 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: URL::URL File: .\Utility\URL.cpp Line: 38 Invoked Function: URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter= Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp Line: 1051 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1175 Invoked Function: CSocketTransport:ostConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1019 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 21.05.2013 10:44:28 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. [ System Events ] Error - 21.05.2013 10:57:29 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden. Error - 21.05.2013 10:57:29 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 21.05.2013 10:57:31 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden. Error - 21.05.2013 10:57:31 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 21.05.2013 10:57:46 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden. Error - 21.05.2013 10:57:46 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 21.05.2013 10:57:48 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden. Error - 21.05.2013 10:57:48 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 21.05.2013 10:57:50 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden. Error - 21.05.2013 10:57:50 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. < End of report > |
21.05.2013, 16:30 | #2 |
/// Malware-holic | GUV trojaner hi
__________________otl.txt fehlt
__________________ |
21.05.2013, 16:31 | #3 |
| GUV trojaner alles klar danke!
__________________ |
21.05.2013, 16:35 | #4 |
/// Malware-holic | GUV trojaner siehe edit, otl.txt fehlt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.05.2013, 17:10 | #5 |
| GUV trojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.05.2013 16:55:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = k:\ Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,62 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 89,00% Memory free 7,51 Gb Paging File | 7,30 Gb Available in Paging File | 97,21% Paging File free Paging file location(s): d:\pagefile.sys 4096 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 913,09 Gb Total Space | 715,19 Gb Free Space | 78,33% Space Free | Partition Type: NTFS Drive D: | 18,42 Gb Total Space | 14,34 Gb Free Space | 77,81% Space Free | Partition Type: NTFS Drive K: | 1,90 Gb Total Space | 0,33 Gb Free Space | 17,48% Space Free | Partition Type: FAT Computer Name: IZHAKSTERN-PC | User Name: Thomas Bayer | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.21 16:44:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- k:\OTL.exe PRC - [2008.01.21 04:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2013.05.15 19:58:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.14 20:56:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.06.29 10:49:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.02 15:45:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.03 16:10:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.02.03 16:09:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.02.03 16:08:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010.09.24 11:54:20 | 000,372,736 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.09.22 12:29:20 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2011.06.29 10:49:36 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 10:49:36 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.20 08:09:03 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.07.20 03:00:00 | 000,925,600 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb4.sys -- (fwlanusb4) DRV - [2010.07.20 03:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.25 15:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2008.08.18 12:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.03.25 07:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=19E091DE-7E8A-4EE7-BC2C-A69F0B14EEB6&apn_sauid=779F5B64-FAA5-4B0C-BDD0-9F2B14BF456F IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes\{45B77104-7088-4a94-8723-8508242447DE}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.203.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Thomas Bayer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.14 20:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.16 09:57:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.14 20:56:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.16 09:57:34 | 000,000,000 | ---D | M] [2011.02.03 17:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Extensions [2013.05.15 22:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Firefox\Profiles\ugzofqws.default\extensions [2011.03.12 18:53:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Firefox\Profiles\ugzofqws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.05.15 22:50:36 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Firefox\Profiles\ugzofqws.default\extensions\battlefieldheroespatcher@ea.com [2013.04.14 20:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.14 20:56:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.14 20:56:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.14 20:56:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.21 21:08:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.25 15:34:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.21 21:08:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.21 21:08:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.21 21:08:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.21 21:08:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [ASRockIES] File not found O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [ASRockOCTuner] File not found O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [cadeaabcbesacfsfdsf] C:\ProgramData\cadeaabcbesacfsfdsf.exe () O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [Facebook Update] C:\Users\Thomas Bayer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [zASRockInstantBoot] File not found O4 - Startup: C:\Users\Thomas Bayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45A3DD7B-3A64-402E-9A83-205A4CDDD911}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EABD010-55A3-47CA-8C05-C7CBA226DDA5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001 Winlogon: Shell - (C:\Users\Thomas Bayer\AppData\Roaming\skype.dat) - C:\Users\Thomas Bayer\AppData\Roaming\skype.dat () O24 - Desktop WallPaper: C:\Users\Thomas Bayer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Thomas Bayer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5a55ca1b-3b70-11e0-b72e-00252284809b}\Shell - "" = AutoRun O33 - MountPoints2\{5a55ca1b-3b70-11e0-b72e-00252284809b}\Shell\AutoRun\command - "" = J:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.20 21:38:07 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\A133.exe [2013.05.20 21:22:43 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\83DB.exe [2013.05.16 09:57:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.22 15:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.21 16:51:06 | 000,632,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.21 16:51:06 | 000,599,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.21 16:51:06 | 000,128,406 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.21 16:51:06 | 000,105,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.21 16:46:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.21 16:42:52 | 000,005,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 16:42:52 | 000,005,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 16:37:18 | 000,087,040 | ---- | M] () -- C:\ProgramData\cadeaabcbesacfsfdsf.exe [2013.05.21 16:37:15 | 000,000,004 | ---- | M] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.ini [2013.05.21 13:58:28 | 000,001,356 | ---- | M] () -- C:\Users\Thomas Bayer\AppData\Local\d3d9caps.dat [2013.05.21 13:50:25 | 000,138,752 | ---- | M] () -- C:\ProgramData\999D.exe [2013.05.21 11:15:34 | 000,000,136 | -H-- | M] () -- C:\Users\Thomas Bayer\Documents\.~lock.iteb.odt# [2013.05.20 21:38:08 | 000,096,256 | ---- | M] (CleanMyPC Tools Software) -- C:\ProgramData\A133.exe [2013.05.20 21:22:43 | 000,096,256 | ---- | M] (CleanMyPC Tools Software) -- C:\ProgramData\83DB.exe [2013.05.20 19:47:11 | 000,069,632 | ---- | M] () -- C:\ProgramData\6B14.exe [2013.05.16 09:57:34 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.05.15 23:22:11 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2013.05.15 22:55:41 | 000,139,648 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.05.15 22:55:34 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2013.05.15 19:58:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 19:58:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.21 13:55:45 | 000,000,004 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.ini [2013.05.21 13:50:24 | 000,138,752 | ---- | C] () -- C:\ProgramData\999D.exe [2013.05.21 11:15:34 | 000,000,136 | -H-- | C] () -- C:\Users\Thomas Bayer\Documents\.~lock.iteb.odt# [2013.05.20 19:47:10 | 000,069,632 | ---- | C] () -- C:\ProgramData\6B14.exe [2013.05.20 19:47:08 | 000,087,040 | ---- | C] () -- C:\ProgramData\cadeaabcbesacfsfdsf.exe [2011.10.10 17:48:32 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2011.03.10 14:14:11 | 000,067,072 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.10 12:13:55 | 000,138,752 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.dat [2011.02.03 18:32:03 | 000,138,056 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Roaming\PnkBstrK.sys [2011.02.03 16:17:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.02.03 14:59:17 | 000,001,356 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
21.05.2013, 17:30 | #6 |
/// Malware-holic | GUV trojaner bHi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [cadeaabcbesacfsfdsf] C:\ProgramData\cadeaabcbesacfsfdsf.exe () O20 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001 Winlogon: Shell - (C:\Users\Thomas Bayer\AppData\Roaming\skype.dat) - C:\Users\Thomas Bayer\AppData\Roaming\skype.dat () [2013.05.20 21:38:07 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\A133.exe [2013.05.20 21:22:43 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\83DB.exe [2013.05.21 16:37:15 | 000,000,004 | ---- | M] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.ini [2013.05.20 19:47:11 | 000,069,632 | ---- | M] () -- C:\ProgramData\6B14.exe [2013.05.21 13:50:24 | 000,138,752 | ---- | C] () -- C:\ProgramData\999D.exe :files :Commands [emptytemp]
falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die + E Taste.
__________________ --> GUV trojaner |
22.05.2013, 08:02 | #7 |
| GUV trojaner Wie kann ich den Inhalt der Codebox reinkopieren? sry aber bin nicht so fit in solchen sachen^^ |
22.05.2013, 11:17 | #8 |
/// Malware-holic | GUV trojaner abschreiben zb via textdatei speichern, die öffnen rechtsklick alles markieren und einfügen, der Möglichkeiten gibts viele :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu GUV trojaner |
adobe, adobe flash player, avira, desktop, dll, error, excel, explorer, flash player, format, home, install.exe, logfile, mozilla, nvidia, registry, rundll, scan, security, software, speicherplatz, tcp, teamspeak, thomas, trojaner, udp, vista |