Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU Trojaner Windows7 32bit

GVU Trojaner Windows7 32bit


Log-Analyse und Auswertung: GVU Trojaner Windows7 32bit

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 01.08.2012, 09:13   #1
Hompen
 
GVU Trojaner Windows7 32bit - Standard

GVU Trojaner Windows7 32bit


Hallo, der PC meiner Eltern hat sich eine GVU Trojaner eingefangen und nun versuche ich mit meinem - zugegebenermaßen - Halbwissen diesen zu flicken.

Habe versucht ihn mit Kaspersky Windows Unlocker zu entsperren um anschliessend die wichtigsten Daten zu sichern befor ich das System neu aufsetzen werde (müssen) - Dies leider ohne Erfolg.

Daher hier mein diversen txt files:
OTL:
Code:
ATTFilter
OTL logfile created on: 31.07.2012 20:21:52 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\****\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 86,90% Memory free
6,00 Gb Paging File | 5,63 Gb Available in Paging File | 93,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,29 Gb Total Space | 349,05 Gb Free Space | 76,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 20:14:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.01.15 13:45:34 | 000,181,248 | ---- | M] () -- C:\Windows\System32\txmlutil.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.27 11:39:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.02 05:11:59 | 000,136,784 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.09 15:15:41 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\SQL2005EXP\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$DWINSTANCE01)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.02.01 02:01:02 | 000,661,176 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.01.20 15:27:24 | 001,622,320 | ---- | M] (Acronis Inc.) [Auto | Stopped] -- C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\vsserv.exe -- (VSSERV)
SRV - [2009.12.10 18:02:32 | 000,331,616 | ---- | M] (Acronis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009.12.10 18:01:56 | 000,181,600 | ---- | M] (Acronis Inc. hxxp://www.acronis.com/homecomputing/products/antivirus) [On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009.11.19 15:00:04 | 000,311,296 | ---- | M] (Acronis Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\scan.dll -- (scan)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\Kamera\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.02.09 15:15:42 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.02.09 15:15:39 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258)
DRV - [2011.02.09 15:15:35 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.02.09 15:15:27 | 000,163,904 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.06.22 00:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.01.04 19:41:24 | 000,079,368 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2009.12.31 11:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.11.10 18:04:14 | 000,152,456 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2009.11.10 17:14:22 | 000,054,912 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Programme\Acronis Backup and Security\Acronis Backup and Security 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2009.10.19 17:04:00 | 000,072,200 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\BdfNdisf6.sys -- (bdfndisf)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.22 09:22:06 | 000,083,208 | ---- | M] (BitDefender) [Kernel | Auto | Stopped] -- C:\Programme\Acronis Backup and Security\Acronis Backup and Security 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2009.08.27 17:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\profos.sys -- (Profos)
DRV - [2009.07.24 12:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.05.07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\trufos.sys -- (Trufos)
DRV - [2006.09.18 14:05:30 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8355CFDD-F1A7-4CAC-B746-F868516AF8C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2412158
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {349523AC-38F8-4042-A116-1E06A154CDDC}
IE - HKCU\..\SearchScopes\{349523AC-38F8-4042-A116-1E06A154CDDC}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2412158
IE - HKCU\..\SearchScopes\{EFA598D4-61A9-484A-9747-AB70A41929A0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F63C4AE1-B6AE-434A-B16A-A508926D0372&apn_sauid=13F5BE0F-7566-434C-9BEB-DDE7BB6DDE37
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.14 21:40:17 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acronis Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\Acronis Backup and Security\Acronis Backup and Security 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACAgent] C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\bdagent.exe (Acronis Inc.)
O4 - HKLM..\Run: [Acronis Antiphishing Helper] C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\IEShow.exe (Acronis Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\Kamera\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01654E26-BAD1-44BB-A12B-2EC86CB3D40C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0EBE922-E952-45B2-B7F1-C74D50C638C9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 20:14:22 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.31 17:13:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.27 09:20:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2D517E97-0BAA-4E07-A5C8-CA68F107E8CD}
[2012.07.27 09:19:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B94C5DD1-6937-4D24-8860-5AEE46887F47}
[2012.07.19 09:14:49 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012.07.13 09:59:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashDumps
[2012.07.12 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{959D19E7-9540-4074-A41D-7F59EDF7DEF0}
[2012.07.05 19:28:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{AA6D5B7B-315C-4148-AC86-F102BA8B9212}
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 20:17:42 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.07.31 20:15:31 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\trjppjhq.exe
[2012.07.31 20:14:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.31 20:14:00 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.31 20:08:26 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012.07.31 20:08:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.31 20:08:18 | 2414,678,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 20:07:35 | 000,000,132 | ---- | M] () -- C:\windows\System32\rezumatenoi.dat
[2012.07.31 20:07:25 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 20:06:59 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 18:59:23 | 000,016,768 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:59:23 | 000,016,768 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:58:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 13:37:10 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 09:42:21 | 000,001,883 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.13 16:02:52 | 008,958,710 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.07.13 16:02:52 | 003,083,004 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.07.13 16:02:52 | 002,749,610 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.07.13 16:02:52 | 002,447,796 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.07.13 08:39:22 | 000,289,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.31 20:17:42 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.07.31 20:15:31 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\trjppjhq.exe
[2012.07.31 20:14:00 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.31 09:42:20 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 09:42:20 | 000,001,883 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.04.20 11:33:02 | 000,349,264 | ---- | C] () -- C:\windows\System32\UPDIO2.dll
[2012.04.20 11:33:01 | 000,261,712 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012.04.20 11:33:01 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe
[2012.04.20 11:33:01 | 000,024,064 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2011.07.18 08:57:39 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.05.08 08:59:18 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{A7C87768-1FE0-480F-A0BA-EEF75FE0E5B6}
[2011.02.17 16:02:48 | 000,462,848 | ---- | C] () -- C:\windows\ssndii.exe
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\wsbl.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_white.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_summ.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_black.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
[2011.02.16 14:15:23 | 000,000,132 | ---- | C] () -- C:\windows\System32\rezumatenoi.dat
[2011.02.09 15:25:45 | 000,000,016 | ---- | C] () -- C:\windows\System32\asdict.dat
[2011.02.09 15:25:45 | 000,000,004 | ---- | C] () -- C:\windows\System32\aspdict-en.dat
[2011.01.24 09:56:47 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2011.01.24 09:36:23 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
 
========== LOP Check ==========
 
[2011.02.09 15:45:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acronis
[2011.02.09 15:13:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acronis Backup and Security
[2012.02.14 21:59:26 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\RPPrivate
[2011.07.18 08:50:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011.07.09 09:47:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.02.09 12:59:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2011.06.03 16:13:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer
[2011.09.14 21:07:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WordToPDF
[2012.07.27 08:59:03 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extra.txt:
Code:
ATTFilter
OTL Extras logfile created on: 31.07.2012 20:21:52 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\****\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 86,90% Memory free
6,00 Gb Paging File | 5,63 Gb Available in Paging File | 93,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,29 Gb Total Space | 349,05 Gb Free Space | 76,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0759201C-4BD0-4F9E-BE3D-B167D4F3EA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{10EA10E3-2A95-49B2-ABAE-B399E21AC849}" = rport=138 | protocol=17 | dir=out | app=system | 
"{17661162-3CB2-4E66-83BC-45F52EEE99E7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3B07B2BE-5859-4897-BC8F-6B1994FA663D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{42CE550B-1B42-4678-8CE4-5CCF0F0188B6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4A0D575B-978F-487D-B6F0-818FC78F005B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4D3FC748-03DF-45A1-A141-195050354FB3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{686D484C-3DD2-41C9-8AAC-3568E97FF8AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75A26AB2-498D-4459-8C2E-E3D1E02C29B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F80435B-3DA7-49FC-A282-7356FFC81049}" = lport=138 | protocol=17 | dir=in | app=system | 
"{963C5484-0B25-480E-ADFB-BD7585982939}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A58F8B41-6387-43BB-A6C6-4107263D1179}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C6717BE3-E7EC-4A92-9612-0AD8A5F31E8C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E201BCB3-289B-48E2-9706-90EAE0D61434}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE82F52-B34E-4B67-AF04-B91F68B89113}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{1DD1C213-DDDE-4FE3-B277-D9616DBC3083}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{59B10ED6-255D-4B81-900E-BA1A98978647}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{78B6A2FD-803B-4904-BF16-8C9E1C8133DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AEF73F75-0E1D-42B0-BB2E-18842A159AE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CA2C6505-F81E-4BE6-9D78-85499190257A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E264D6A2-AF3C-419E-A2F5-E49A15DC9F1F}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"TCP Query User{066185A9-0B0C-43A5-98C5-47D1582E470C}C:\program files\dtm2009\dwrun.exe" = protocol=6 | dir=in | app=c:\program files\dtm2009\dwrun.exe | 
"TCP Query User{10DB78BB-8210-4FCE-9329-F1188768C343}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3EC305AE-C231-4F8F-B8BC-BCA0D94C35B2}C:\program files\dtm2009\dw.exe" = protocol=6 | dir=in | app=c:\program files\dtm2009\dw.exe | 
"UDP Query User{1546EAC9-4CE0-4CFA-82EE-1964B0AD7C69}C:\program files\dtm2009\dwrun.exe" = protocol=17 | dir=in | app=c:\program files\dtm2009\dwrun.exe | 
"UDP Query User{25928F8F-4E66-475F-8DA8-E5EEBEC4D1D3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{29D3EDCF-1134-42B2-A23F-939079761C77}C:\program files\dtm2009\dw.exe" = protocol=17 | dir=in | app=c:\program files\dtm2009\dw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (DWINSTANCE01)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7ED39639-9464-43A6-94DA-535F4EF2A940}" = Acronis Backup and Security 2010
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7FDDBC6-6BAA-4B9B-B560-A43BBC802411}_is1" = DTM2009 4.0.1252.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF1F8765-BEBF-47A0-BA04-DE99E0E392F2}" = Acronis*True*Image*Home
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Profi cash" = Profi cash
"RealoreStudios Toolbar" = RealoreStudios Toolbar
"RealPlayer 15.0" = RealPlayer
"Roads of Rome 2_is1" = Roads of Rome 2
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2012 07:38:35 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 07:38:35 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 12:56:59 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 12:56:59 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 13:00:11 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 13:00:11 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 13:02:47 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 13:02:47 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 14:07:01 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 14:07:01 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
[ System Events ]
Error - 31.07.2012 14:13:52 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 31.07.2012 14:17:14 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:17:14 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:17:14 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:19:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:19:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:19:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:24:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:24:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:24:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
Gmer.txt: hier bin ich mir nicht ganz sicher ob ich richtig vorgegangen bin, als die Häckenchen zu entfernen waren. Habe sie bei IAT/EAT, Show all herausgenommen und bei der Systempartition (C gelassen. Da hat sich der Scan aufgehängt. Habe dann nochmals - ohne Häkchen bei der C: partition laufen lassen und hier das Ergebnis:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-31 20:56:43
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: trjppjhq.exe; Driver: C:\Users\****\AppData\Local\Temp\ufdiqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9  82895599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2     828BA092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                     tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\ACPI_HAL \Device\0000004a          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
ich hoffe mir kann hier einer helfen und schon mal Danke für die Mühen.
Gruss Hompen.

 

Themen zu GVU Trojaner Windows7 32bit
7-zip, autorun, bho, entfernen, error, excel, failed, firefox, flash player, format, homepage, iexplore.exe, install.exe, kaspersky, locker, logfile, neu aufsetzen, nvidia update, object, plug-in, realtek, registry, rundll, scan, security, server, software, svchost.exe, system, system neu, trojaner, trojaner windows7, windows, windows unlocker


« Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert | Live Security Platinum »


Ähnliche Themen: GVU Trojaner Windows7 32bit


  1. GVU Trojaner Windows 7 32bit
    Plagegeister aller Art und deren Bekämpfung - 05.09.2013 (28)
  2. GVU Trojaner - abgesicherter Modus funktioniert nicht - Windows7 32bit - Daten sichern
    Log-Analyse und Auswertung - 30.08.2013 (19)
  3. GVU-Trojaner - Windows XP 32Bit
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (39)
  4. GVU Trojaner, Vista 32bit
    Log-Analyse und Auswertung - 13.06.2013 (33)
  5. BKA-Trojaner auf Vista-32bit PC mit XP als 2. BS
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (23)
  6. Windows7 (wahrscheinlich 32Bit Version) zeigt einen weissen Bildschirm nach der Benutzeranmeldung
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (10)
  7. GVU Trojaner Windows XP 32bit
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (15)
  8. GVU Trojaner WinVista 32bit
    Log-Analyse und Auswertung - 22.01.2013 (3)
  9. GVU 2.11 Trojaner Win Vista 32bit
    Log-Analyse und Auswertung - 17.01.2013 (5)
  10. Trojaner GVU vista 32bit
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (8)
  11. Win7 32bit GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (3)
  12. GVU Trojaner 2.07 Windows 7 32bit
    Log-Analyse und Auswertung - 26.09.2012 (9)
  13. GVU Trojaner auf Win7 32bit
    Log-Analyse und Auswertung - 11.09.2012 (7)
  14. GUV Trojaner auf XPsp3 32bit
    Log-Analyse und Auswertung - 29.08.2012 (13)
  15. AKM Trojaner und OTLPENet.exe win xp 32bit
    Log-Analyse und Auswertung - 29.05.2012 (1)
  16. #GEMA-Virus 100€ zahlen // Windows7 Home 32bit
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (14)
  17. BKA Trojaner (mahmud.exe) win xp sp3 32bit
    Log-Analyse und Auswertung - 23.10.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner Windows7 32bit - Hallo, der PC meiner Eltern hat sich eine GVU Trojaner eingefangen und nun versuche ich mit meinem - zugegebenermaßen - Halbwissen diesen zu flicken. Habe versucht ihn mit Kaspersky Windows - GVU Trojaner Windows7 32bit...
Archiv
Du betrachtest: GVU Trojaner Windows7 32bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19