| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbeiWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.07.2012, 15:09
| #1 |
| |  GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei Hallo Zusammen, ich habe mir heute den nervigen GVU Trojaner 2.07 eingefangen und brauche dringend Hilfe. Hab das Ding mit Anti-Malware entfernt. Log davon hier: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.16.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Martin :: WALLACE [Administrator] 16.07.2012 13:44:27 mbam-log-2012-07-16 (13-44-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 246301 Laufzeit: 5 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 G:\Users\Martin\AppData\Local\Temp\fest0r_ot.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt. G:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 7/16/2012 3:27:58 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = G:\Users\Tanja\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.25 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 49.73% Memory free 6.50 Gb Paging File | 4.68 Gb Available in Paging File | 72.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files Drive C: | 292.97 Gb Total Space | 62.97 Gb Free Space | 21.49% Space Free | Partition Type: NTFS Drive D: | 292.97 Gb Total Space | 67.97 Gb Free Space | 23.20% Space Free | Partition Type: NTFS Drive G: | 112.69 Gb Total Space | 5.86 Gb Free Space | 5.20% Space Free | Partition Type: NTFS Drive I: | 976.56 Gb Total Space | 10.59 Gb Free Space | 1.08% Space Free | Partition Type: NTFS Drive J: | 7.79 Gb Total Space | 7.72 Gb Free Space | 99.15% Space Free | Partition Type: NTFS Computer Name: WALLACE | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\Users\Tanja\Downloads\OTL.exe (OldTimer Tools) PRC - G:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.) PRC - G:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - G:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - G:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - G:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - G:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - G:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) PRC - G:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) PRC - G:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - G:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - G:\Windows\explorer.exe (Microsoft Corporation) PRC - G:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - G:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - G:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - G:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) PRC - G:\Windows\System32\atieclxx.exe (AMD) PRC - G:\Windows\System32\atiesrxx.exe (AMD) PRC - G:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - G:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - G:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) PRC - G:\Program Files\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) ========== Modules (No Company Name) ========== MOD - G:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - G:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - G:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - G:\Program Files\Mozilla Firefox\mozjs.dll () MOD - G:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - G:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - G:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - G:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - G:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3685.42422__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3685.42339__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3685.42379__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3685.42249__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3685.42359__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3685.42279__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3685.42353__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3685.42324__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3685.42310__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3685.42271__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3685.42263__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3685.42396__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3685.42395__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3685.42400__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3685.42396__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3685.42394__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3685.42331__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3685.42332__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3685.42394__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3685.42261__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3685.42380__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3685.42330__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3685.42422__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3685.42418__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3685.42313__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3685.42354__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3685.42326__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3685.42280__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3685.42344__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3685.42311__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3685.42305__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3685.42279__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3685.42312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3685.42320__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3685.42310__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3685.42312__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3685.42319__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3685.42284__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3685.42321__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3685.42237__90ba9c70f846762e\CLI.Foundation.dll () MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3685.42235__90ba9c70f846762e\LOG.Foundation.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3685.42371__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - G:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - G:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3685.42236__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3685.42241__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3685.42236__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3685.42247__90ba9c70f846762e\DEM.Graphics.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3685.42377__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3685.42244__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3685.42240__90ba9c70f846762e\MOM.Foundation.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3685.42387__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3685.42248__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3685.42244__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3685.42239__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3685.42393__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3685.42330__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3685.42378__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3685.42238__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3685.42238__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3685.42270__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3685.42261__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3685.42379__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3685.42238__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3685.42243__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3685.42352__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3685.42300__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3685.42276__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3685.42310__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3685.42261__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3685.42323__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3685.42262__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3685.42262__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3685.42275__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3685.42319__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3685.42248__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3685.42415__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3685.42364__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3685.42270__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - G:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3685.42372__90ba9c70f846762e\MOM.Implementation.dll () MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3685.42369__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3685.42246__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3685.42247__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3685.42245__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3685.42387__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3685.42241__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3685.42239__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3685.42240__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3685.42237__90ba9c70f846762e\APM.Foundation.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3685.42269__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3685.42246__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3685.42245__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3685.42243__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3685.42256__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - G:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3685.42242__90ba9c70f846762e\APM.Server.dll () MOD - G:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3685.42244__90ba9c70f846762e\AEM.Server.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3685.42254__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - G:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3685.42371__90ba9c70f846762e\CCC.Implementation.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3685.42255__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - G:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3685.42277__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - G:\Program Files\ATI\ATI.ACE\Branding\Branding.dll () MOD - G:\Program Files\Common Files\LightScribe\QtGui4.dll () MOD - G:\Program Files\Common Files\LightScribe\QtCore4.dll () MOD - G:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- G:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (Steam Client Service) -- G:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- G:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- G:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SamsungAllShareV2.0) -- G:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer) -- G:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) SRV - (avgwd) -- G:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AMD External Events Utility) -- G:\Windows\System32\atiesrxx.exe (AMD) SRV - (Fabs) -- G:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SensrSvc) -- G:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- G:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- G:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- G:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (FirebirdServerMAGIXInstance) -- G:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (WcesComm) -- G:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- G:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (StarOpen) -- File not found DRV - (jgjklf) -- G:\Windows\System32\drivers\yrjqvosb.sys () DRV - (MBAMSwissArmy) -- G:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (AVGIDSHX) -- G:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgtdix) -- G:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- G:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- G:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- G:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- G:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- G:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- G:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (vpcvmm) -- G:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcbus) -- G:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vmbus) -- G:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- G:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- G:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (vpcusb) -- G:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcnfltr) -- G:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- G:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- G:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- G:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- G:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- G:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (AnyDVD) -- G:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (tbhsd) -- G:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (RRNetCapMP) -- G:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- G:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (SCDEmu) -- G:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (SKYNET) -- G:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.) DRV - (atikmdag) -- G:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- G:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- G:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- G:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- G:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.) DRV - (mcdbus) -- G:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (ovt530) -- G:\Windows\System32\drivers\ov530vid.sys (OmniVision Technologies, Inc.) DRV - (MTsensor) -- G:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 2F 62 CD 59 4E CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{D4261820-1F3A-47B3-8570-B857B6CB1DC6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: G:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: G:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: G:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll () FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: G:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: G:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: G:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/01 17:23:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: G:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 17:27:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2012/06/01 22:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: G:\Programme\Mozilla Firefox\components [2012/06/01 22:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: G:\Programme\Mozilla Firefox\components [2012/06/01 22:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: G:\Program Files\Mozilla Thunderbird\components [2012/06/19 11:51:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: G:\Program Files\Mozilla Thunderbird\plugins [2012/06/01 22:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: G:\Program Files\AVG\AVG2012\Thunderbird\ [2012/01/29 21:07:45 | 000,000,000 | ---D | M] [2011/06/30 23:27:53 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Extensions [2010/03/13 14:33:41 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/06/30 23:27:53 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2012/07/06 18:08:21 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2bb36brz.default\extensions [2012/05/23 23:09:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- G:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2bb36brz.default\extensions\ich@maltegoetz.de [2012/03/24 23:36:53 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions [2012/04/20 23:20:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- G:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/05/12 19:21:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- G:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/17 12:39:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/03/24 23:36:48 | 000,001,392 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/24 23:36:48 | 000,002,252 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/24 23:36:48 | 000,001,153 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/03/24 23:36:48 | 000,006,805 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/24 23:36:48 | 000,001,178 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/24 23:36:48 | 000,001,105 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = G:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = G:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office 2003 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Adobe Acrobat (Enabled) = G:\Program Files\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = G:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = G:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Orbit Downloader (Enabled) = G:\Users\Martin\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = G:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Harmony Firefox Plugin (Enabled) = G:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = G:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: BlackBerry AppWorld (Enabled) = G:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll CHR - plugin: VLC Web Plugin (Enabled) = G:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google-Suche = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Die Siedler Online = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmhcglhfdnepmdeelgjfdjckclajkha\1.0.1_0\ CHR - Extension: Skype Click to Call = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Google Maps = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\ CHR - Extension: AVG Do Not Track = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Google Mail = G:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011/11/01 17:15:38 | 000,000,854 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - G:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - G:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] G:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AllShareAgent] G:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LexwareInfoService] G:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] G:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [StartCCC] G:\Program Files\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrayServer] G:\Program Files\MAGIX\Video_deluxe_17_Premium_Download-Version\Trayserver.exe (MAGIX AG) O4 - HKCU..\Run: [AnyDVD] G:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [PureSync] G:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKCU..\Run: [Steam] "J:\Steam\Steam.exe" -silent File not found O4 - HKCU..\Run: [Xvid] G:\Program Files\Xvid\CheckUpdate.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] G:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: G:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk = G:\Program Files\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: &Download by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Do&wnload selected by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - G:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: In Adobe PDF konvertieren - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @G:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @G:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - G:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32D1B32D-1E3D-4E60-9EB4-35A17E650A21}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D862476E-33DA-4984-AB9F-E51E31F5632E}: DhcpNameServer = 0.0.0.0 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (AnyDiscHelp.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (G:\Windows\system32\userinit.exe) - G:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/12/07 22:31:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\Shell - "" = AutoRun O33 - MountPoints2\{07212baf-96ca-11e1-8b04-002354083de4}\Shell\AutoRun\command - "" = J:\pushinst.exe O33 - MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\Shell - "" = AutoRun O33 - MountPoints2\{1c5f7181-7d40-11df-a3f5-002354083de4}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/16 13:43:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys [2012/07/16 13:43:50 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Roaming\Malwarebytes [2012/07/16 13:43:40 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/16 13:43:40 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes [2012/07/16 13:43:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys [2012/07/16 13:43:39 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware [2012/07/13 13:40:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mshtml.tlb [2012/07/13 13:40:47 | 001,800,192 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript9.dll [2012/07/13 13:40:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll [2012/07/13 13:40:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieUnatt.exe [2012/07/13 13:40:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jsproxy.dll [2012/07/13 13:40:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\inetcpl.cpl [2012/07/13 13:40:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\url.dll [2012/07/13 13:38:36 | 002,345,984 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32k.sys [2012/07/13 13:38:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\cdosys.dll [2012/07/13 13:37:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msxml3r.dll [2012/07/13 13:37:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ncrypt.dll [2012/07/12 22:50:49 | 000,000,000 | ---D | C] -- G:\Users\Martin\Documents\ArmA 2 Other Profiles [2012/07/08 14:00:24 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Roaming\TS3Client [2012/07/08 13:59:45 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012/07/06 20:31:04 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Local\ArmA 2 OA [2012/07/06 18:08:16 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit [2012/07/06 11:10:31 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/06/30 14:57:14 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync [2012/06/30 14:37:28 | 002,422,272 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wucltux.dll [2012/06/30 14:37:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wups2.dll [2012/06/30 14:37:22 | 000,577,048 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wuapi.dll [2012/06/30 14:37:22 | 000,088,576 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wudriver.dll [2012/06/30 14:37:22 | 000,035,864 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wups.dll [2012/06/30 14:37:14 | 000,171,904 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wuwebv.dll [2012/06/30 14:37:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wuapp.exe [2012/06/23 16:05:35 | 000,000,000 | ---D | C] -- G:\Users\Martin\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012/07/16 15:09:05 | 000,054,016 | ---- | M] () -- G:\Windows\System32\drivers\yrjqvosb.sys [2012/07/16 15:00:00 | 000,001,124 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001UA.job [2012/07/16 14:56:00 | 000,001,098 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/16 14:55:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/16 13:44:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys [2012/07/16 13:43:40 | 000,001,036 | ---- | M] () -- G:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/16 13:42:56 | 004,503,728 | ---- | M] () -- G:\ProgramData\to_r0tsef.pad [2012/07/16 13:37:05 | 000,001,094 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/16 10:41:34 | 000,016,944 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/16 10:41:34 | 000,016,944 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/16 10:37:03 | 101,553,324 | ---- | M] () -- G:\Windows\System32\drivers\AVG\incavi.avm [2012/07/16 10:33:36 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat [2012/07/16 10:33:34 | 2616,496,128 | -HS- | M] () -- G:\hiberfil.sys [2012/07/14 17:57:15 | 000,720,996 | ---- | M] () -- G:\Windows\System32\perfh007.dat [2012/07/14 17:57:15 | 000,661,704 | ---- | M] () -- G:\Windows\System32\perfh009.dat [2012/07/14 17:57:15 | 000,158,094 | ---- | M] () -- G:\Windows\System32\perfc007.dat [2012/07/14 17:57:15 | 000,130,408 | ---- | M] () -- G:\Windows\System32\perfc009.dat [2012/07/13 20:00:00 | 000,001,072 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4004331714-992687181-2945927093-1001Core.job [2012/07/13 17:36:02 | 000,431,568 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT [2012/07/12 20:55:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerApp.exe [2012/07/12 20:55:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerCPLApp.cpl [2012/07/12 20:02:10 | 000,002,409 | ---- | M] () -- G:\Users\Martin\Desktop\Google Chrome.lnk [2012/07/08 13:59:45 | 000,000,764 | ---- | M] () -- G:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012/07/06 18:08:16 | 000,000,978 | ---- | M] () -- G:\Users\Martin\Desktop\Orbit.lnk [2012/07/06 11:10:31 | 000,000,920 | ---- | M] () -- G:\Users\Public\Desktop\AVG 2012.lnk [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys [2012/06/30 14:57:14 | 000,000,864 | ---- | M] () -- G:\Users\Public\Desktop\PureSync.lnk [2012/06/29 00:39:37 | 000,178,357 | ---- | M] () -- G:\Windows\System32\drivers\AVG\iavichjg.avm ========== Files Created - No Company Name ========== [2012/07/16 15:09:05 | 000,054,016 | ---- | C] () -- G:\Windows\System32\drivers\yrjqvosb.sys [2012/07/16 13:43:40 | 000,001,036 | ---- | C] () -- G:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/16 11:31:04 | 004,503,728 | ---- | C] () -- G:\ProgramData\to_r0tsef.pad [2012/07/08 13:59:45 | 000,000,764 | ---- | C] () -- G:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012/07/06 11:34:05 | 000,000,884 | ---- | C] () -- G:\Windows\tasks\Adobe Flash Player Updater.job [2011/06/14 21:23:56 | 000,645,632 | ---- | C] () -- G:\Windows\System32\xvidcore.dll [2011/06/14 21:23:56 | 000,240,640 | ---- | C] () -- G:\Windows\System32\xvidvfw.dll [2011/03/05 15:52:23 | 000,080,896 | ---- | C] () -- G:\Windows\System32\RDVGHelper.exe [2011/03/05 15:51:48 | 000,066,048 | ---- | C] () -- G:\Windows\System32\PrintBrmUi.exe [2011/01/03 23:19:00 | 000,022,328 | ---- | C] () -- G:\Windows\System32\drivers\PnkBstrK.sys [2011/01/03 23:18:45 | 000,022,328 | ---- | C] () -- G:\Users\Martin\AppData\Roaming\PnkBstrK.sys [2011/01/03 23:18:16 | 000,103,736 | ---- | C] () -- G:\Windows\System32\PnkBstrB.exe [2011/01/03 23:18:15 | 000,669,184 | ---- | C] () -- G:\Windows\System32\pbsvc.exe [2011/01/03 23:18:15 | 000,066,872 | ---- | C] () -- G:\Windows\System32\PnkBstrA.exe [2010/11/07 01:02:02 | 000,015,873 | ---- | C] () -- G:\Windows\System32\Inetde.dll [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- G:\Windows\System32\xlive.dll.cat [2010/08/29 21:32:08 | 000,000,056 | -H-- | C] () -- G:\ProgramData\ezsidmv.dat [2010/08/25 21:41:10 | 000,001,436 | ---- | C] () -- G:\Users\Martin\.recently-used.xbel [2010/08/10 18:07:02 | 000,000,142 | ---- | C] () -- G:\Users\Martin\AppData\Roaming\default.rss [2010/07/23 21:41:30 | 000,000,032 | ---- | C] () -- G:\Windows\CD_Start.INI [2010/07/21 22:06:54 | 000,116,224 | ---- | C] () -- G:\Windows\System32\pdfcmnnt.dll [2010/07/04 20:53:54 | 000,006,266 | -HS- | C] () -- G:\ProgramData\KGyGaAvL.sys [2010/07/04 20:53:54 | 000,000,008 | RHS- | C] () -- G:\ProgramData\D0F605A352.sys [2010/04/29 17:20:36 | 000,000,040 | -HS- | C] () -- G:\ProgramData\.zreglib [2010/04/09 15:16:05 | 000,030,208 | ---- | C] () -- G:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/06 13:38:34 | 000,007,597 | ---- | C] () -- G:\Users\Martin\AppData\Local\Resmon.ResmonCfg [2010/03/15 15:53:13 | 000,032,768 | ---- | C] () -- G:\Program Files\FritzReNew.exe [2010/03/13 15:14:30 | 000,001,385 | ---- | C] () -- G:\Users\Martin\AppData\Roaming\mdbu.bin < End of report > Für schnelle Hilfe vorab vielen Dank. Snoopy (alias Martin) |
| Themen zu GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei |
| .dll, 32 bit, adblock, adobe, avg, bho, bonjour, branding, browser, ccc.exe, ctfmon.lnk, defender, desktop, downloader, dringend, explorer, firefox, flash player, format, google earth, helper, heuristiks/extra, heuristiks/shuriken, homepage, hängen, langs, logfile, microsoft office 2003, mom.exe, mozilla, plug-in, poweriso, registry, searchscopes, software, staropen, taskhost.exe, teamspeak, temp, trojaner, usb, win7 32 bit |
Baum-Darstellung