
Pests of all kinds and how to fight them: GUV trojan


21.05.2013, 16:28   #1
JohnMcMeef

GUV trojan

Hi!
I caught the GUV trojan. When safe mode is activated, the machine shuts down again right away. In safe mode with command prompt I can't find the names described in the guides. I ran OTL over it; here are my results:


Dateisystem auf K: wird überprüft.
Der Typ des Dateisystems ist FAT.


Einer der Datenträger muss auf Konsistenz überprüft werden.
Sie können die Datenträgerüberprüfung abbrechen, aber es
wird ausdrücklich empfohlen, den Vorgang fortzusetzen.
Die Datenträgerüberprüfung wird jetzt ausgeführt.
Volumeseriennummer : F4D1-0FA5
Das Dateisystem wurde überprüft. Es wurden keine Probleme festgestellt.

2041249792 Bytes Speicherplatz auf dem Datenträger insgesamt
32768 Bytes in 1 versteckten Datei(en)
294912 Bytes in 6 Ordner(n)
1683554304 Bytes in 1313 Datei(en)
357367808 Bytes auf dem Datenträger verfügbar

32768 Bytes in jeder Zuordnungseinheit
62294 Zuordnungseinheiten auf dem Datenträger insgesamt
10906 Zuordnungseinheiten auf dem Datenträger verfügbar




OTL Extras logfile created on: 21.05.2013 16:55:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = k:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,62 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 89,00% Memory free
7,51 Gb Paging File | 7,30 Gb Available in Paging File | 97,21% Paging File free
Paging file location(s): d:\pagefile.sys 4096 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 913,09 Gb Total Space | 715,19 Gb Free Space | 78,33% Space Free | Partition Type: NTFS
Drive D: | 18,42 Gb Total Space | 14,34 Gb Free Space | 77,81% Space Free | Partition Type: NTFS
Drive K: | 1,90 Gb Total Space | 0,33 Gb Free Space | 17,48% Space Free | Partition Type: FAT

Computer Name: IZHAKSTERN-PC | User Name: Thomas Bayer | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2901411799-3698017349-3773488547-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019C9CAB-AD20-4753-AE63-E153EDF9DA66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{13674625-7E97-4EED-800F-E69289361617}" = dir=in | app=c:\users\thomas bayer\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{21B28B33-26FB-4821-A443-065DE295F3A2}" = protocol=6 | dir=in | app=c:\users\thomas bayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{30FDF8A7-37B7-4B75-9511-1C027CF5D2CC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{4B876847-910C-47F0-9F5A-25104BF14C5A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4F3F9827-49D9-4311-B59F-0E36221AB98D}" = dir=in | app=c:\program files\ptc\pvx\i486_nt\obj\productview.exe |
"{5C01F557-B3FB-4819-B2B1-022E9C7B4300}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6BEF6231-7CB8-412E-B2CF-B1F65638F423}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7BCF76D1-14A7-4286-A8EB-6ABBEF649E08}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7FA46351-7431-4C94-9180-133A7B7C28E2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{804B5974-B910-4457-9142-8184D4D93C66}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{8235C80E-3D48-462F-B79B-3774A9D8012D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8959220B-7D10-4BE6-8D08-EB50F2F4ADC3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8CCFE63A-6533-4028-8651-4E6EC1DC652F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{902E72CA-E571-44EB-A959-321AE6426504}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{ACD27A88-4FAE-4B48-8EC9-DEBF5904128F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B13D28D9-24B0-43F0-8C7B-731CF2F2F674}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C73A98DC-DCF6-42BE-8442-E47BE56F09A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8703140-4111-417B-8541-2C7EA51B031E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CA567EF4-181B-40D3-892E-73D67AA83C5C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D873DE38-3B5F-44DF-A0A8-D9C0922C2059}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E617DA21-BC3C-4824-ABCD-A9CFAD60A04A}" = protocol=17 | dir=in | app=c:\users\thomas bayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{EE568B89-A9EC-4ED1-ABFD-EEB59D23D1E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F85EA75A-1E1E-4EC7-A61B-72BF802A7180}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{046A4D0A-3854-4FF8-A4CF-E1533472F2CA}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{06930550-B3A6-4EE8-8471-430DF2F25252}C:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{3E175919-0BA6-481A-876D-0164F5727490}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{69CAD5F7-C29D-42EC-B459-4F3EE0E6D929}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{96FAD775-285D-4981-948C-CE9280776726}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{9E012A5A-E467-4822-9D21-4BAFBA7EF60F}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe |
"TCP Query User{ACB51F16-6885-40E9-908B-1F11085620EF}C:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe |
"TCP Query User{D91E75FE-403F-4DF4-BA81-8E73721E04EC}C:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe |
"UDP Query User{05871655-18B4-4BAA-B0AC-9AB8536D0058}C:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\xtop.exe |
"UDP Query User{4099D77F-07E9-417F-A183-8F2CF6BAACB9}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{4E20AA72-3EAC-4EEF-8085-0388D01E2A26}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{603174F0-C463-40F1-9D22-0CA49BC92963}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{9B5E0CD4-C75F-4E98-B29A-7805B02CEC62}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{A9232AF3-5B63-45DA-B057-56F8E0E37810}C:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{B2AD60CA-D947-496B-8806-8BE88D695C11}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{CCD9AE0C-A099-41FD-BC9F-109094B3F605}C:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\i486_nt\nms\nmsd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{84DD9D8F-7D12-4771-B537-CDEAB9157A9C}" = Creo Thumbnail Viewer 1.0
"{8C61886F-D069-46EF-A58A-76B17415D0B0}" = Facebook Video Calling 1.0.0.7153
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D829ECBD-F4C7-40B2-BF9A-9A7F0332D0A1}" = ProductView Express 9.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = EXPERTool 7.13
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PunkBusterSvc" = PunkBuster Services
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2901411799-3698017349-3773488547-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Dropbox" = Dropbox
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.05.2013 09:32:04 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2013 09:55:37 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2013 10:10:29 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2013 10:15:34 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2013 10:26:24 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2013 10:29:36 | Computer Name = IzhakStern-PC | Source = System Restore | ID = 8209
Description =

Error - 21.05.2013 10:39:49 | Computer Name = IzhakStern-PC | Source = EventSystem | ID = 4609
Description =

Error - 21.05.2013 10:41:39 | Computer Name = IzhakStern-PC | Source = EventSystem | ID = 4609
Description =

Error - 21.05.2013 10:44:16 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2013 10:48:13 | Computer Name = IzhakStern-PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 21.05.2013 10:43:36 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 21.05.2013 10:43:36 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 21.05.2013 10:43:56 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 38 Invoked Function:
URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter=

Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1051 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1175 Invoked Function: CSocketTransport::PostConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1019 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 21.05.2013 10:44:04 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 21.05.2013 10:44:28 | Computer Name = IzhakStern-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

[ System Events ]
Error - 21.05.2013 10:57:29 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

Error - 21.05.2013 10:57:29 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 21.05.2013 10:57:31 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

Error - 21.05.2013 10:57:31 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 21.05.2013 10:57:46 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

Error - 21.05.2013 10:57:46 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 21.05.2013 10:57:48 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

Error - 21.05.2013 10:57:48 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 21.05.2013 10:57:50 | Computer Name = IzhakStern-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

Error - 21.05.2013 10:57:50 | Computer Name = IzhakStern-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


< End of report >

21.05.2013, 16:30   #2
markusg
/// Malware-holic

hi
otl.txt is missing

21.05.2013, 16:31   #3
JohnMcMeef

all right, thanks!

21.05.2013, 16:35   #4
markusg
/// Malware-holic

see edit, otl.txt is missing

21.05.2013, 17:10   #5
JohnMcMeef

OTL logfile:
OTL logfile created on: 21.05.2013 16:55:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = k:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,62 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 89,00% Memory free
7,51 Gb Paging File | 7,30 Gb Available in Paging File | 97,21% Paging File free
Paging file location(s): d:\pagefile.sys 4096 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 913,09 Gb Total Space | 715,19 Gb Free Space | 78,33% Space Free | Partition Type: NTFS
Drive D: | 18,42 Gb Total Space | 14,34 Gb Free Space | 77,81% Space Free | Partition Type: NTFS
Drive K: | 1,90 Gb Total Space | 0,33 Gb Free Space | 17,48% Space Free | Partition Type: FAT
 
Computer Name: IZHAKSTERN-PC | User Name: Thomas Bayer | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 16:44:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- k:\OTL.exe
PRC - [2008.01.21 04:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 19:58:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.14 20:56:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.06.29 10:49:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.02 15:45:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.03 16:10:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.02.03 16:09:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.02.03 16:08:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.09.24 11:54:20 | 000,372,736 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.22 12:29:20 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.06.29 10:49:36 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 10:49:36 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.20 08:09:03 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.07.20 03:00:00 | 000,925,600 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV - [2010.07.20 03:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.25 15:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.08.18 12:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.03.25 07:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=19E091DE-7E8A-4EE7-BC2C-A69F0B14EEB6&apn_sauid=779F5B64-FAA5-4B0C-BDD0-9F2B14BF456F
IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\SearchScopes\{45B77104-7088-4a94-8723-8508242447DE}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.203.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Thomas Bayer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.14 20:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.16 09:57:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.14 20:56:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.16 09:57:34 | 000,000,000 | ---D | M]
 
[2011.02.03 17:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Extensions
[2013.05.15 22:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Firefox\Profiles\ugzofqws.default\extensions
[2011.03.12 18:53:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Firefox\Profiles\ugzofqws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.05.15 22:50:36 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Thomas Bayer\AppData\Roaming\mozilla\Firefox\Profiles\ugzofqws.default\extensions\battlefieldheroespatcher@ea.com
[2013.04.14 20:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.14 20:56:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.14 20:56:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.14 20:56:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.21 21:08:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.25 15:34:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.21 21:08:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 21:08:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 21:08:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 21:08:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [ASRockIES]  File not found
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [ASRockOCTuner]  File not found
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [cadeaabcbesacfsfdsf] C:\ProgramData\cadeaabcbesacfsfdsf.exe ()
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [Facebook Update] C:\Users\Thomas Bayer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\Thomas Bayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45A3DD7B-3A64-402E-9A83-205A4CDDD911}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EABD010-55A3-47CA-8C05-C7CBA226DDA5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001 Winlogon: Shell - (C:\Users\Thomas Bayer\AppData\Roaming\skype.dat) - C:\Users\Thomas Bayer\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\Thomas Bayer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thomas Bayer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5a55ca1b-3b70-11e0-b72e-00252284809b}\Shell - "" = AutoRun
O33 - MountPoints2\{5a55ca1b-3b70-11e0-b72e-00252284809b}\Shell\AutoRun\command - "" = J:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 21:38:07 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\A133.exe
[2013.05.20 21:22:43 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\83DB.exe
[2013.05.16 09:57:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.22 15:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.21 16:51:06 | 000,632,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.21 16:51:06 | 000,599,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.21 16:51:06 | 000,128,406 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.21 16:51:06 | 000,105,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.21 16:46:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.21 16:42:52 | 000,005,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 16:42:52 | 000,005,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 16:37:18 | 000,087,040 | ---- | M] () -- C:\ProgramData\cadeaabcbesacfsfdsf.exe
[2013.05.21 16:37:15 | 000,000,004 | ---- | M] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.ini
[2013.05.21 13:58:28 | 000,001,356 | ---- | M] () -- C:\Users\Thomas Bayer\AppData\Local\d3d9caps.dat
[2013.05.21 13:50:25 | 000,138,752 | ---- | M] () -- C:\ProgramData\999D.exe
[2013.05.21 11:15:34 | 000,000,136 | -H-- | M] () -- C:\Users\Thomas Bayer\Documents\.~lock.iteb.odt#
[2013.05.20 21:38:08 | 000,096,256 | ---- | M] (CleanMyPC Tools Software) -- C:\ProgramData\A133.exe
[2013.05.20 21:22:43 | 000,096,256 | ---- | M] (CleanMyPC Tools Software) -- C:\ProgramData\83DB.exe
[2013.05.20 19:47:11 | 000,069,632 | ---- | M] () -- C:\ProgramData\6B14.exe
[2013.05.16 09:57:34 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.05.15 23:22:11 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.05.15 22:55:41 | 000,139,648 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.15 22:55:34 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.15 19:58:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 19:58:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.21 13:55:45 | 000,000,004 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.ini
[2013.05.21 13:50:24 | 000,138,752 | ---- | C] () -- C:\ProgramData\999D.exe
[2013.05.21 11:15:34 | 000,000,136 | -H-- | C] () -- C:\Users\Thomas Bayer\Documents\.~lock.iteb.odt#
[2013.05.20 19:47:10 | 000,069,632 | ---- | C] () -- C:\ProgramData\6B14.exe
[2013.05.20 19:47:08 | 000,087,040 | ---- | C] () -- C:\ProgramData\cadeaabcbesacfsfdsf.exe
[2011.10.10 17:48:32 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.03.10 14:14:11 | 000,067,072 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.10 12:13:55 | 000,138,752 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.dat
[2011.02.03 18:32:03 | 000,138,056 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Roaming\PnkBstrK.sys
[2011.02.03 16:17:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.03 14:59:17 | 000,001,356 | ---- | C] () -- C:\Users\Thomas Bayer\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


Alt 21.05.2013, 17:30   #6
markusg
/// Malware-holic
 
Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [cadeaabcbesacfsfdsf] C:\ProgramData\cadeaabcbesacfsfdsf.exe ()
O20 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001 Winlogon: Shell - (C:\Users\Thomas Bayer\AppData\Roaming\skype.dat) - C:\Users\Thomas Bayer\AppData\Roaming\skype.dat ()
[2013.05.20 21:38:07 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\A133.exe
[2013.05.20 21:22:43 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\83DB.exe
[2013.05.21 16:37:15 | 000,000,004 | ---- | M] () -- C:\Users\Thomas Bayer\AppData\Roaming\skype.ini
[2013.05.20 19:47:11 | 000,069,632 | ---- | M] () -- C:\ProgramData\6B14.exe
[2013.05.21 13:50:24 | 000,138,752 | ---- | C] () -- C:\ProgramData\999D.exe
:files
:Commands
[emptytemp]
  • If you have masked your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.


If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance
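A triage helper of the kind a responder runs over OTL output before writing a fix like the one above, added here as an example (not code from the thread or from OTL itself): it parses the O4, O20 and timestamped file entries and flags the three patterns the fix script removes, a Run entry with no company name in a staging directory, a replaced Winlogon Shell value, and executables dropped directly into the ProgramData root. The sample lines are constructed from entries in the log posted in this thread; STAGING_DIRS and the rule thresholds are my assumptions.

```python
"""Triage helper for OTL log lines (added example; not code from the thread or from OTL)."""
import re
from pathlib import PureWindowsPath

# OTL section codes handled here: O4 = Run-key autostarts, O20 = Winlogon Shell/UserInit
# values, and the bracketed timestamp lines of the "Files Created/Modified" sections.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
WINLOGON_RE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: (?P<value>\w+) - \((?P<configured>[^)]*)\) - (?P<rest>.*)$"
)
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+)$"
)
# Trailing "(Company Name)" that OTL prints after a path; "()" means it found none.
COMPANY_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")

EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
# Assumption: user-writable directories a locker typically stages in; extend as needed.
STAGING_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def split_company(rest):
    """Split 'C:\\x.exe (Vendor)' into ('C:\\x.exe', 'Vendor'); '' for '()', None if absent."""
    m = COMPANY_RE.match(rest.strip())
    if not m:
        return rest.strip(), None
    return m.group("path"), m.group("company").strip()


def check_run(m):
    """O4: autostart with no company name that lives in a staging directory."""
    path, company = split_company(m.group("rest"))
    if path.endswith("File not found"):
        return None  # orphaned value, nothing executes
    if company == "" and any(d in path.lower() for d in STAGING_DIRS):
        return {"section": "O4", "reason": "autostart without company name in staging dir", "path": path}
    return None


def check_winlogon(m):
    """O20: Winlogon Shell/UserInit pointing at something other than the Windows default."""
    value = m.group("value")
    configured = m.group("configured").rstrip(",")
    expected = EXPECTED_WINLOGON.get(value)
    if expected and PureWindowsPath(configured).name.lower() != expected:
        return {"section": "O20", "reason": f"Winlogon {value} replaced (expected {expected})", "path": configured}
    return None


def check_file(m):
    """File entry: an .exe sitting directly in the ProgramData root, not in a product subfolder."""
    path = m.group("path").strip()
    p = PureWindowsPath(path)
    if p.suffix.lower() == ".exe" and str(p.parent).lower() == "c:\\programdata":
        return {"section": "file", "reason": "executable in ProgramData root", "path": path}
    return None


CHECKS = ((RUN_RE, check_run), (WINLOGON_RE, check_winlogon), (FILE_RE, check_file))


def triage(lines):
    """Return one finding dict per line that trips a rule, in log order."""
    findings = []
    for line in lines:
        for regex, check in CHECKS:
            m = regex.match(line.rstrip())
            if m:
                hit = check(m)
                if hit:
                    findings.append(hit)
                break
    return findings


# Constructed sample: benign and suspicious entries copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [cadeaabcbesacfsfdsf] C:\ProgramData\cadeaabcbesacfsfdsf.exe ()
O4 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001..\Run: [Facebook Update] C:\Users\Thomas Bayer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2901411799-3698017349-3773488547-1001 Winlogon: Shell - (C:\Users\Thomas Bayer\AppData\Roaming\skype.dat) - C:\Users\Thomas Bayer\AppData\Roaming\skype.dat ()
[2013.05.20 21:38:07 | 000,096,256 | ---- | C] (CleanMyPC Tools Software) -- C:\ProgramData\A133.exe
[2013.05.16 09:57:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.21 13:50:24 | 000,138,752 | ---- | C] () -- C:\ProgramData\999D.exe
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['section']:>4}  {f['reason']:<45}  {f['path']}")
```

Run against the sample it reports exactly the four entries the fix above targets (the Run key, the Shell hijack and the two ProgramData droppers) and stays quiet on the vendor-named autostarts and system files.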

Alt 22.05.2013, 08:02   #7
JohnMcMeef
 
How do I copy the contents of the code box in? Sorry, but I'm not that good at this kind of thing ^^

Alt 22.05.2013, 11:17   #8
markusg
/// Malware-holic
 
Type it out, e.g. save it as a text file, open it, right-click, select all and paste; there are many ways :-)
