| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner - Ihr Computer wurde gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.12.2012, 00:36
| #1 |
| |  GVU-Trojaner - Ihr Computer wurde gesperrt Hallo zusammen, ich hatte gestern das Vergüngen und mir den GVU-Trojaner eingefangen. Hinweis auf "Ihr Computer wurde gesperrt" inkl. aktiver Webcam. Nun habe ich im abgesicherten Modus Malwarebytes Anit-Maleware durchgeführt. Hier wurden 4 Objekte gefunden, diese habe ich entfernt. Anschließend habe ich mit OTL einen Scan durchgeführt, wie schon in einigen Threads beschrieben. Ich bitte um Hilfe, um die Schädlinge von meinem Rechner zu verbannen! Besten Dank im Voraus und noch eine angenehme Nacht. Daniel Anbei die drei Logfiles: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.19.13 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Daniel :: DANIEL-PC [Administrator] 20.12.2012 00:01:02 mbam-log-2012-12-20 (00-01-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 386952 Laufzeit: 8 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Daniel\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2b4ec324-790a3228 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL Extras logfile created on: 20.12.2012 00:15:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 75,23% Memory free
7,81 Gb Paging File | 6,91 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 80,49 Gb Free Space | 33,77% Space Free | Partition Type: NTFS
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2883864649-2606499381-2666932441-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AA0F8851-DB47-4CC7-B313-85C34730D0C5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{705F5829-F303-44A6-A1B7-9693A38E039E}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F5B82FC0-539D-48DD-9087-D343307C3DD9}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6E13B606-E37D-4E45-835B-29397B1D6F24}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{9E9BAFBD-69DB-4219-A204-959B705C5339}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CED739E0-FCE3-46A9-9F0E-C641D8A842C0}" = Fresco Logic USB3.0 Host Controller
"{ECC7F2EE-ECE6-4082-8588-50415A40AB0F}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Opera 12.50.1497" = Opera Next 12.50 internal build 1497
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{5230AAA6-C417-47CA-8028-EF8133B984A6}" = 6000E609a
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D393A06-B96D-473A-0001-5A4713FCA3A6}" = android converter
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BC86554D-C2D3-4F4C-BA73-C3889250104C}" = Snap.Do
"{c5b74464-3a04-417c-9eee-d0dc7d6af196}" = TubeBox
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF0EBC9C-E2AC-4319-9C69-DC473BBDA319}" = DxO Optics Pro 6
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFE645FA-57F3-4EE8-8DD4-7521660D9C30}_is1" = MediaMonkey Remote Server version 1.4.176A
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F45BEC1B-DE2A-4F47-81E7-042D0C29CD09}" = TubeBox
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.30.627
"Greenshot_is1" = Greenshot
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaMonkey_is1" = MediaMonkey 4.0
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PanoramaStudio" = PanoramaStudio 1.2 (deinstallieren)
"Picasa 3" = Picasa 3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2883864649-2606499381-2666932441-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.12.2012 05:31:52 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.12.2012 05:43:12 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.12.2012 10:46:37 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.12.2012 06:15:18 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.12.2012 14:53:06 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2012 14:34:44 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.12.2012 17:56:40 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.12.2012 19:09:05 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.12.2012 19:13:18 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.12.2012 19:01:43 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 15.12.2012 05:43:03 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 15.12.2012 07:50:49 | Computer Name = Daniel-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 15.12.2012 10:45:51 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP CUE DeviceDiscovery Service erreicht.
Error - 15.12.2012 10:45:51 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 16.12.2012 06:13:31 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP CUE DeviceDiscovery Service erreicht.
Error - 16.12.2012 06:13:31 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 16.12.2012 14:52:47 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP CUE DeviceDiscovery Service erreicht.
Error - 16.12.2012 14:52:47 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 17.12.2012 14:32:57 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP CUE DeviceDiscovery Service erreicht.
Error - 17.12.2012 14:32:57 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
 |
| Themen zu GVU-Trojaner - Ihr Computer wurde gesperrt |
| administrator, adobe, avira, avira searchfree toolbar, computer, dsgsdgdsgdsgw.pad, error, excel, exploit.drop.gsa, explorer, flash player, format, gesperrt, home, install.exe, mozilla, nvidia, nvidia update, officejet, opera, photoshop, picasa, realtek, registry, runctf.lnk, rundll, scan, security, server, software, super, udp, usb, wgsdgsdgdsgsd.exe |
Baum-Darstellung