GVU Trojaner Windows Vista
Hallo,
ich habe mir Heute den GVU Trojaner eingefangen.
IM abgesicherten Modus kann ich arbeiten.
Ich habe schon mal mein Logfile via OTL erstellt.
Ich hoffe ihr könnt mir helfen.
Mein Betriebsystem: Windows Vista
Fehler: Seit Montag 22.07.2013
Ich bitte um Hilfe Code:
OTL logfile created on: 22.07.2013 19:39:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
502,66 Mb Total Physical Memory | 175,94 Mb Available Physical Memory | 35,00% Memory free
1,48 Gb Paging File | 1,27 Gb Available in Paging File | 85,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 10,72 Gb Free Space | 15,92% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
Drive F: | 5,62 Gb Total Space | 0,77 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 4,06 Gb Free Space | 54,55% Space Free | Partition Type: FAT32
Computer Name: CHRISTIAN | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - (Winmgmt) -- C:\PROGRA~2\b34btbztdb0vavaw.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s3017unic) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a428d7b9-f953-47fd-b8bb-7c34ca1af13f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a428d7b9-f953-47fd-b8bb-7c34ca1af13f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a428d7b9-f953-47fd-b8bb-7c34ca1af13f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a428d7b9-f953-47fd-b8bb-7c34ca1af13f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a428d7b9-f953-47fd-b8bb-7c34ca1af13f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0093c6a7-837c-4a87-9879-3b4d8ba8092c&apn_sauid=4F353709-987B-4FF3-9834-F42F5EF20555
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30109.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\10.2.217.0\firefox\extensions
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2854803383-1051980501-2443458234-1003..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1221166441 (Image Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1205079285 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C584E71F-5037-444F-A87A-B4B188A288AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\Pictures\Bilder\sieger_dorfpokal_20090731.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\Pictures\Bilder\sieger_dorfpokal_20090731.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3aab307b-efa1-11e1-95f8-0016d4f39433}\Shell - "" = AutoRun
O33 - MountPoints2\{3aab307b-efa1-11e1-95f8-0016d4f39433}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{647c146a-5324-11e0-adff-0016d4f39433}\Shell - "" = AutoRun
O33 - MountPoints2\{647c146a-5324-11e0-adff-0016d4f39433}\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.22 19:40:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.07.12 17:35:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.07.12 17:35:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.07.12 17:35:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.07.12 17:35:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.07.12 17:35:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.07.12 17:35:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.07.12 17:35:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.07.12 17:35:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.07.12 15:52:40 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.07.12 15:31:52 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.07.12 15:31:38 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.07.12 15:31:36 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.07.12 15:31:36 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.07.12 15:31:35 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.07.12 15:31:33 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.07.12 15:31:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.07.12 15:31:31 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.07.12 15:31:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.07.12 15:30:56 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.22 19:38:56 | 000,029,184 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.22 19:36:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.07.22 19:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.22 19:22:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.22 19:15:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 19:15:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 19:06:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.22 18:28:37 | 000,000,928 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.07.19 14:57:15 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce847f7e2ca090.job
[2013.07.19 14:55:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.07.19 13:52:02 | 000,298,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.12 18:01:48 | 000,638,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.12 18:01:48 | 000,604,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.12 18:01:48 | 000,130,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.12 18:01:48 | 000,108,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.22 19:37:43 | 000,602,112 | ---- | C] () -- \OTL.exe
[2013.07.22 18:28:36 | 000,000,928 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.07.19 14:57:15 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce847f7e2ca090.job
[2013.03.22 19:04:34 | 368,095,722 | ---- | C] () -- \American Horror Story - S02E01 - Willkommen in Briarcliff - by Videomann.avi
[2013.03.22 19:03:52 | 471,753,390 | ---- | C] () -- \American Horror Story - S01E08 - Episode 8 - by Videomann.avi
[2013.03.22 19:02:24 | 367,329,530 | ---- | C] () -- \American Horror Story - S01E07 - Tag der offenen Tür - by Videomann.avi
[2013.03.22 19:01:26 | 460,073,202 | ---- | C] () -- \American Horror Story - S01E06 - Schweinchen, Schweinchen - by Videomann.avi
[2013.03.22 19:00:07 | 639,095,202 | ---- | C] () -- \itg-americanhorrorstory-s01e12.avi
[2013.03.22 18:59:20 | 383,259,218 | ---- | C] () -- \American Horror Story - S01E11 - Geburt - by Videomann.avi
[2013.03.22 18:58:26 | 428,467,928 | ---- | C] () -- \American Horror Story - S01E10 - Episode 10 - by Videomann.avi
[2013.03.22 18:57:35 | 412,318,928 | ---- | C] () -- \American Horror Story - S01E09 - Spooky Little Girl - by Videomann.avi
[2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.03.07 23:19:57 | 000,004,744 | ---- | C] () -- C:\Users\User\ESt2011_Vortmeyer_Christian.elfo
[2011.10.13 06:27:42 | 001,934,624 | ---- | C] () -- \urDrive.exe
[2011.10.13 06:27:42 | 000,361,248 | ---- | C] () -- \unInstaller.exe
[2011.10.13 06:27:42 | 000,000,166 | ---- | C] () -- \autorun.inf
[2007.12.07 18:46:16 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2007.11.18 14:33:35 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2007.07.24 22:16:51 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.23 20:34:12 | 000,029,184 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008.08.20 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012.12.03 23:28:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ask
[2008.11.13 23:54:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2012.10.14 18:33:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Common Files
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2008.08.20 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\HotbarSA
[2009.03.13 14:47:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\ICQ
[2012.12.24 00:43:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Samsung
[2012.12.12 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2007.12.07 18:45:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\T-Online
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2012.10.14 18:38:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\TuneUp Software
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2009.02.04 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2012.10.14 18:33:41 | 000,000,000 | -HSD | M] -- C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006.11.09 18:46:51 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2012.12.24 01:01:34 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2012.12.27 02:21:31 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006.11.02 14:48:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2008.12.08 23:07:27 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2007.12.07 20:25:01 | 000,000,000 | ---D | M] -- C:\Users\Public\Musicload
[2013.03.23 02:20:47 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2008.12.08 23:07:40 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Anwendungsdaten
[2007.07.23 11:46:53 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData
[2012.01.27 01:26:41 | 000,000,000 | R--D | M] -- C:\Users\User\Contacts
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Cookies
[2013.07.22 19:40:11 | 000,000,000 | R--D | M] -- C:\Users\User\Desktop
[2012.10.12 23:49:28 | 000,000,000 | R--D | M] -- C:\Users\User\Documents
[2013.04.29 21:04:45 | 000,000,000 | R--D | M] -- C:\Users\User\Downloads
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Druckumgebung
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Eigene Dateien
[2013.05.30 11:07:14 | 000,000,000 | R--D | M] -- C:\Users\User\Favorites
[2008.03.17 20:20:30 | 000,000,000 | R--D | M] -- C:\Users\User\Links
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Lokale Einstellungen
[2012.12.12 00:47:36 | 000,000,000 | R--D | M] -- C:\Users\User\Music
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Netzwerkumgebung
[2011.07.18 22:45:15 | 000,000,000 | R--D | M] -- C:\Users\User\Pictures
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Recent
[2008.04.25 15:36:03 | 000,000,000 | R--D | M] -- C:\Users\User\Saved Games
[2007.08.30 15:02:51 | 000,000,000 | R--D | M] -- C:\Users\User\Searches
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\SendTo
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Startmenü
[2012.10.15 20:09:06 | 000,000,000 | R--D | M] -- C:\Users\User\Videos
[2007.07.23 11:42:21 | 000,000,000 | -HSD | M] -- C:\Users\User\Vorlagen
========== Purity Check ==========
< End of report >
|
