Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Windows 7 64 Bit

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.08.2012, 16:51   #1
tsarikoff
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



Hallo,
ich habe mir leider einen Trojaner geholt. Nach Neustart kann ich auf der Rechner zugreifen, wenn ich aber ins Internet gehe, wird Trojaner sofort aktiv. Malwarebytes scan hat nichts gefunden.
Ich habe nun diesen Forum gefunden und nach Einleitung OTL Scan durchgeführt. Hier ist OTL Logfile:

OTL logfile created on: 11.08.2012 17:32:28 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\roman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 70,27% Memory free
15,82 Gb Paging File | 13,41 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 231,35 Gb Free Space | 50,87% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,42 Gb Free Space | 92,05% Space Free | Partition Type: FAT32
Drive Q: | 9,77 Gb Total Space | 0,02 Gb Free Space | 0,20% Space Free | Partition Type: NTFS

Computer Name: ROMAN-RECHNER | User Name: roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.11 15:05:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\roman\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.01 21:05:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011.02.03 20:44:00 | 000,057,344 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.01.27 13:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.01.27 13:30:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.01.27 13:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.01.17 05:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.01.07 12:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.12.16 19:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2010.12.02 05:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010.11.24 09:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 07:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
PRC - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.11 14:10:01 | 000,252,928 | ---- | M] () -- C:\Users\roman\AppData\Local\Temp\update00.b.exe
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.06 09:05:16 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 09:04:06 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll
MOD - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.01.13 14:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 07:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.11.12 11:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.01 21:05:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011.02.15 17:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.02.03 20:44:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.01.27 13:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.01.27 13:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011.01.07 12:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.12.18 15:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.12.03 13:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2010.12.03 04:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 05:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.11.24 09:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.11.02 13:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.11.02 13:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.11.02 13:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.01 21:05:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.01 21:05:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.31 01:55:12 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.03.31 01:54:36 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.24 15:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.24 12:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.02.03 20:44:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.01.13 14:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.01.13 14:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.12.18 09:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010.12.18 09:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.12.18 09:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.12.18 09:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.12.18 09:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.12.14 19:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010.12.07 13:06:42 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.01 05:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.11.25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.12 11:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.11.09 03:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.07 07:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 04:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.02.15 17:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.12.03 13:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F268617B-6DBA-4390-A88B-90E255BD9881}
IE:64bit: - HKLM\..\SearchScopes\{F268617B-6DBA-4390-A88B-90E255BD9881}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {23FF8FB5-41B1-423D-8289-59BC0F1736FA}
IE - HKLM\..\SearchScopes\{23FF8FB5-41B1-423D-8289-59BC0F1736FA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {23FF8FB5-41B1-423D-8289-59BC0F1736FA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.03.09 17:31:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.08.01 18:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.27 21:29:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\roman\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2b646754-9907-11e0-82eb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b646754-9907-11e0-82eb-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.11 16:09:25 | 000,000,000 | ---D | C] -- C:\Users\roman\AppData\Roaming\Malwarebytes
[2012.08.11 16:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.11 16:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 16:09:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.11 16:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.11 16:06:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\roman\Desktop\OTL.exe
[2012.08.11 16:06:36 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\roman\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.03 10:53:20 | 000,000,000 | ---D | C] -- C:\Users\roman\Desktop\KletterWald
[2012.07.31 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\roman\Documents\Bluetooth-Exchange-Ordner
[2012.07.29 09:44:58 | 000,000,000 | ---D | C] -- C:\Users\roman\Documents\ForceField Shared Files
[2012.07.28 22:01:02 | 000,000,000 | ---D | C] -- C:\Users\roman\Desktop\alla
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.11 17:30:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.11 17:30:46 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.11 17:30:46 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.11 17:30:46 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.11 17:30:46 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.11 17:26:08 | 000,302,592 | ---- | M] () -- C:\Users\roman\Desktop\z8tvxmq6.exe
[2012.08.11 16:39:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 16:27:43 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 16:27:43 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 16:19:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.11 16:19:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 16:18:56 | 2077,675,519 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 16:17:40 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad
[2012.08.11 16:09:12 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 15:15:24 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\roman\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.11 15:05:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\roman\Desktop\OTL.exe
[2012.08.11 14:13:07 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.08.11 14:10:03 | 000,001,900 | ---- | M] () -- C:\Users\roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.22 21:20:04 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.11 17:26:40 | 000,302,592 | ---- | C] () -- C:\Users\roman\Desktop\z8tvxmq6.exe
[2012.08.11 16:09:12 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 14:10:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\00etadpu.pad
[2012.08.11 14:10:03 | 000,001,900 | ---- | C] () -- C:\Users\roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.03.28 16:11:48 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.09 19:43:33 | 000,000,000 | ---- | C] () -- C:\Users\roman\AppData\Local\{D0696010-3898-4C0C-9A34-820C8509A4D4}
[2011.08.01 17:54:28 | 000,000,103 | ---- | C] () -- C:\Windows\MULTILEX.INI
[2011.06.18 05:17:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.06.17 19:46:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.17 19:46:47 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.17 19:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012.08.08 22:39:11 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\BitTorrent
[2011.08.01 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\CheckPoint
[2012.03.08 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\elsterformular
[2011.08.17 17:11:21 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\EndNote
[2011.08.17 17:12:24 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\GraphPad Software
[2012.04.21 20:57:07 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\ICQ
[2012.04.01 21:22:43 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\PCDr
[2011.08.01 17:54:58 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\PwrMgr
[2012.04.01 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\roman\AppData\Roaming\Update
[2012.07.22 21:20:04 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.13 00:16:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.11 14:13:07 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

Und Extras. txt:

OTL Extras logfile created on: 11.08.2012 17:32:28 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\roman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 70,27% Memory free
15,82 Gb Paging File | 13,41 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 231,35 Gb Free Space | 50,87% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,42 Gb Free Space | 92,05% Space Free | Partition Type: FAT32
Drive Q: | 9,77 Gb Total Space | 0,02 Gb Free Space | 0,20% Space Free | Partition Type: NTFS

Computer Name: ROMAN-RECHNER | User Name: roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F1510A3-3DFA-4B13-A7A4-527BEDF37FE3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7339A2EB-C936-4786-924F-BF0699A3F6A8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EC662574-7E47-437B-96ED-BB134B30650E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F3F327-F235-44BF-8EB4-7A4024864931}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{224719B8-12A3-4457-B886-28E2D9370E81}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B11D0AF-8FBC-47FB-95E2-5C52F2DA1805}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{500733BC-3FF7-4095-92F6-974807B37D22}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{5A86A908-A833-429D-B1D2-227EA34C7D0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{61E1E2D5-248E-4056-AC78-D957C47643BF}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{73DDF45F-02C5-4F6C-8DF5-B042EC14D7EA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7597D8A2-9A3E-424C-A7D6-2BE38C608C17}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{93150666-CF4B-4F00-A683-B90F3961B02F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{A13B26BB-07B2-42E4-8698-4A8F733AC02B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B1E6FB1B-9F5B-4EB7-B332-0EE5C168A993}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{CA078069-3EB7-49AF-9359-26E369C3F29F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{E4095B1A-9F9C-47BB-B979-78AAAA50C5EF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{E84E733A-75F9-4838-B684-91DE83DCE9EB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{E850CF4A-E63E-4F69-99A2-786B613E4A8C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{EBE025BC-C52A-45FC-95D3-89E1829C5D8F}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{F0F55007-A350-4CC4-B206-4B601031D9D3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{38EEE2A9-AB75-4242-8472-C668FE938B0C}}_is1" = Biogazelle qbasePLUS v2.1 (20110607-1430)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{BD19E69F-0F87-46CD-AD8D-7A93903B01AC}" = O&O UnErase
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"22AF3CC91FBC5231DD5CB8903F03E2AF3E97ADDF" = Windows-Treiberpaket - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"5DF942712DC7660AE4A1B04809A1C3F67B0CA27C" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0)
"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows-Treiberpaket - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{805A7890-3138-44E4-8DAA-480C55516989}" = MainConcept MJPEG Codec Demo
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81031}" = Nero 7 Essentials
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"DivX Setup" = DivX-Setup
"E.M. Total Video Player 1.31_is1" = E.M. Total Video Player 1.31
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}" = MainConcept MJPEG Codec Demo
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Full)
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MCMJPG" = MainConcept MJPG software codec (Remove Only)
"PROPLUS" = Microsoft Office Professional Plus 2007
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"UnMLDict 2.0r" = Electronic dictionary MultiLex (English-Russian)
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm" = ZoneAlarm

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.07.2012 15:27:55 | Computer Name = roman-rechner | Source = PC-Doctor | ID = 1
Description = (5332) Asapi: (21:27:55:5700)(5332) S3LogPusherPlugin.Helper - Error
-- 334 Unable to storage the test log to medium

Error - 23.07.2012 12:53:23 | Computer Name = roman-rechner | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2012 12:57:25 | Computer Name = roman-rechner | Source = WinMgmt | ID = 10
Description =

Error - 25.07.2012 11:38:55 | Computer Name = roman-rechner | Source = WinMgmt | ID = 10
Description =

Error - 26.07.2012 10:42:06 | Computer Name = roman-rechner | Source = WinMgmt | ID = 10
Description =

Error - 26.07.2012 10:43:11 | Computer Name = roman-rechner | Source = PC-Doctor | ID = 1
Description = (4144) Asapi: (16:43:11:4880)(4144) libTonopahClient.DownloadManager
- Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
failed with error: 317

Error - 26.07.2012 10:43:11 | Computer Name = roman-rechner | Source = PC-Doctor | ID = 1
Description = (4144) Asapi: (16:43:11:5500)(4144) libTonopahClient.DownloadManager
- Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
failed with error: 317

Error - 27.07.2012 14:52:12 | Computer Name = roman-rechner | Source = WinMgmt | ID = 10
Description =

Error - 28.07.2012 04:18:44 | Computer Name = roman-rechner | Source = WinMgmt | ID = 10
Description =

Error - 29.07.2012 03:45:08 | Computer Name = roman-rechner | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 08.08.2012 16:39:02 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 08.08.2012 16:39:04 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 08.08.2012 16:39:06 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 08.08.2012 16:39:07 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 08.08.2012 16:39:09 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 08.08.2012 16:51:32 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 08.08.2012 16:51:38 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 10.08.2012 12:10:38 | Computer Name = roman-rechner | Source = DCOM | ID = 10016
Description =

Error - 11.08.2012 08:23:00 | Computer Name = roman-rechner | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 11.08.2012 08:43:59 | Computer Name = roman-rechner | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.


< End of report >



Vielen Dank im Voraus!!!
tsarikoff

Alt 11.08.2012, 17:03   #2
markusg
/// Malware-holic
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012.08.11 14:10:03 | 000,001,900 | ---- | M] () -- C:\Users\roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.11 14:10:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\00etadpu.pad
 :Files
:Commands
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn dies erledigt ist, bittemelden.
__________________

__________________

Alt 11.08.2012, 17:32   #3
tsarikoff
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



Vielen Dank für die schnelle Antwort.

ich habe Fix Funktion in OTL durchgeführt, bin aber nicht sicher ob ich das richtige Textfile gefunden habe. Ich kopiere aber es:

========== OTL ==========
C:\Users\roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\00etadpu.pad moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.56.0 log created on 08112012_182006

Cache.rar habe ich bereits hochgeladen.
__________________

Alt 11.08.2012, 17:44   #4
markusg
/// Malware-holic
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



wunderbar
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.08.2012, 18:41   #5
tsarikoff
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



Danke noch mal für die Hilfe!
Scan ist jetzt abgeschlossen.
Hier ist ComboFix.txt:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-08-10.01 - roman 11.08.2012  18:53:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8103.6167 [GMT 2:00]
ausgeführt von:: c:\users\roman\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\roman\AppData\Local\Temp\update00.b.exe
c:\users\roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
Q:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-11 bis 2012-08-11  ))))))))))))))))))))))))))))))
.
.
2012-08-11 17:35 . 2012-08-11 17:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-11 16:06 . 2012-08-11 16:06	--------	d-----w-	C:\_OTL
2012-08-11 14:09 . 2012-08-11 14:09	--------	d-----w-	c:\users\roman\AppData\Roaming\Malwarebytes
2012-08-11 14:09 . 2012-08-11 14:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-11 14:09 . 2012-08-11 14:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-11 14:09 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:11 . 2011-08-16 17:59	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 23:14	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 19:53	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:53	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:53	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:53	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:53	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:53	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:53	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 06:39	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:39	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 06:39	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:39	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:39	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 06:39	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 06:39	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:38	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 06:38	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 19:53	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:53	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 19:53	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 19:53	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:53	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 19:53	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:53	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:53	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-15 04:01 . 2012-06-13 18:17	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 18:17	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 18:17	981504	----a-w-	c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}]
2011-06-30 12:27	50240	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1522536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-1 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 135664]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 135664]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-14 98816]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-30 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 18:02]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 18:02]
.
2012-07-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-08-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-16 281448]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-11  19:37:43
ComboFix-quarantined-files.txt  2012-08-11 17:37
.
Vor Suchlauf: 12 Verzeichnis(se), 255.981.944.832 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 255.893.450.752 Bytes frei
.
- - End Of File - - 2F5064E93B9DAA03249867D6709E8662
         
--- --- ---


Alt 13.08.2012, 19:14   #6
tsarikoff
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



Der Rechner funktioniert jetzt gut. Ist es aber jetzt sauber?
Ich wäre für weitere Hilfe sehr dankbar!

Alt 17.08.2012, 19:39   #7
markusg
/// Malware-holic
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



hi
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.08.2012, 21:36   #8
tsarikoff
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



Danke für die Antwort.

Viele Programme, die bei dem Laptop vorinstalliert waren, habe ich noch nie benutzt, ich habe sie aber trotzdem als notwendig markiert



Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 13.12.2011 6,00MB 11.1.102.55 notwendig
Adobe Photoshop CS Adobe Systems, Inc. 01.08.2011 CS notwendig
Adobe Reader 9.4.5 - Deutsch Adobe Systems Incorporated 15.08.2011 243MB 9.4.5 notwendig
Anzeige am Bildschirm 17.06.2011 6.23.00 unbekannt
Apple Application Support Apple Inc. 01.08.2011 50,9MB 1.5.2 notwendig
Apple Mobile Device Support Apple Inc. 01.08.2011 22,6MB 3.4.1.2 notwendig
Apple Software Update Apple Inc. 01.08.2011 2,38MB 2.1.3.127 notwendig
Avira AntiVir Personal - Free Antivirus Avira GmbH 13.02.2012 77,3MB 10.2.0.707 notwendig
Biogazelle qbasePLUS v2.1 (20110607-1430) 25.11.2011 notwendig
BitTorrent 01.08.2011 7.2.1 notwendig
Bonjour Apple Inc. 01.08.2011 1,53MB 3.0.0.2 unbekannt
Broadcom InConcert Maestro Broadcom Corporation 17.06.2011 645KB 1.0.1.1500 unbekannt
CCleaner Piriform 24.07.2012 3.21 notwendig
Conexant HD Audio Conexant 01.04.2012 8.32.27.0 notwendig
Corel Burn.Now Lenovo Edition Corel Corporation 17.06.2011 80,9MB 4.5.0 notwendig
Corel DVD MovieFactory Lenovo Edition Corel Corporation 17.06.2011 318MB 7.0.0 notwendig
Corel WinDVD Corel Inc. 17.06.2011 301MB 10.0.5.828 notwendig
Create Recovery Media Lenovo Group Limited 17.06.2011 8,05MB 1.20.0.00 notwendig
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 17.06.2011 1.00unbekannt
DivX-Setup DivX, LLC 27.03.2012 2.6.1.8 notwendig
E.M. Total Video Player 1.31 EffectMatrix Inc. 01.08.2011 notwendig
Electronic dictionary MultiLex (English-Russian) 01.08.2011 notwendig
ElsterFormular Landesfinanzdirektion Thüringen 08.03.2012 160MB 13.1.1.8479p notwendig
EndNote X4 Thomson Reuters 17.08.2011 60,7MB 14.0.0.4845 notwendig
Google Chrome Google Inc. 02.08.2011 21.0.1180.79 notwendig
GraphPad Prism 5 GraphPad Software 17.08.2011 5.01 notwendig
ICQ Sparberater solute gmbh 01.08.2011 30,0KB 1.0.601 unnötig
ICQ Toolbar ICQ 01.08.2011 3.0.0 unnötig
ICQ7.5 ICQ 01.08.2011 7.5 notwendig
Integrated Camera Driver Installer Package Ver.1.1.0.1147 RICOH 17.06.2011 1.1.0.1147 notwendig
Integrated Camera TWAIN Chicony Electronics Co.,Ltd. 17.06.2011 1.0.11.1223 notwendig
Intel(R) Control Center Intel Corporation 17.06.2011 1.2.1.1007 notwendig
Intel(R) Identity Protection Technology 1.1.2.0 Intel Corporation 17.06.2011 1,13MB 1.1.2.0 notwendig
Intel(R) Management Engine Components Intel Corporation 17.06.2011 7.0.0.1144 notwendig
Intel(R) Processor Graphics Intel Corporation 17.06.2011 8.15.10.2342 notwendig
Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 17.06.2011 116MB 14.00.0000 notwendig
Intel(R) Wireless Display Intel Corporation 17.06.2011 119MB 2.0.27.0 notwendig
iTunes Apple Inc. 01.08.2011 142MB 10.4.0.80 notwendig
Java(TM) 6 Update 29 (64-bit) Oracle 25.11.2011 91,6MB 6.0.290 notwendig
Java(TM) 7 Update 5 Oracle 12.08.2012 99,3MB 7.0.50 notwendig
JavaFX 2.1.1 Oracle Corporation 12.08.2012 20,8MB 2.1.1 notwendig
K-Lite Codec Pack 8.6.0 (Full) 28.03.2012 58,3MB 8.6.0 notwendig
Lenovo Auto Scroll Utility 17.06.2011 1.00 notwendig
Lenovo Care System Update 17.06.2011 notwendig
Lenovo System Interface Driver 17.06.2011 1.05 notwendig
Lenovo ThinkVantage Toolbox PC-Doctor, Inc. 01.04.2012 6.0.5849.23 notwendig
Lenovo User Guide Ihr Firmenname 17.06.2011 606KB 1.0.0008.00 notwendig
Lenovo Warranty Information Lenovo 17.06.2011 861KB 1.0.0005.00 notwendig
Lenovo Welcome Lenovo 17.06.2011 2.02.003.0 notwendig
MainConcept MJPEG Codec Demo MainConcept AG 16.06.2012 108KB 3.02.0004.0000 notwendig
MainConcept MJPG software codec (Remove Only) 16.06.2012 notwendig
Message Center Plus Lenovo Group Limited 17.06.2011 1,70MB 2.0.0012.00 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.02.2011 38,8MB 4.0.30319 notwendig
Microsoft Office 2010 Microsoft Corporation 17.06.2011 6,40MB 14.0.4763.1000 notwendig
Microsoft Office Professional Plus 2007 Microsoft Corporation 08.03.2012 12.0.6612.1000 notwendig
Microsoft Silverlight Microsoft Corporation 12.05.2012 50,6MB 5.1.10411.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 17.06.2011 1,69MB 3.1.0000 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 03.08.2011 300KB 8.0.61001 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 17.06.2011 832KB 8.0.61000 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 17.06.2011 252KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 17.06.2011 784KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 03.08.2011 788KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.06.2011 240KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 17.06.2011 592KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 03.08.2011 600KB 9.0.30729.6161 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 03.08.2011 1,27MB 4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 03.08.2011 1,33MB 4.20.9876.0 notwendig
Nero 7 Essentials Nero AG 01.08.2011 1,13GB 7.03.0188 notwendig
O&O UnErase O&O Software GmbH 01.08.2011 11,5MB 6.0.1857 notwendig
PDFCreator Frank Heindörfer, Philip Chinery 01.08.2011 1.2.2 notwendig
QuickTime Apple Inc. 01.08.2011 73,6MB 7.69.80.9 notwendig
RapidBoot Lenovo 17.06.2011 345KB 1.0 notwendig
Realtek Ethernet Controller Driver Realtek 17.06.2011 7.35.1206.2010 notwendig
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 17.06.2011 1.00 unbekannt
ResearchSoft Direct Export Helper 17.08.2011 unbekannt
RICOH Media Driver v2.10.18.02 RICOH 17.06.2011 2.10.18.02 unbekannt
Skype™ 5.5 Skype Technologies S.A. 02.09.2011 17,0MB 5.5.114 notwendig
System Update Lenovo 17.06.2011 11,3MB 4.00.0039 notwendig
ThinkPad Bluetooth with Enhanced Data Rate Software Broadcom Corporation 17.06.2011 229MB 6.4.0.1500 notwendig
ThinkPad Energie-Manager 17.06.2011 3.44 notwendig
ThinkPad Power Management Driver 17.06.2011 1.61.00.11 notwendig
ThinkPad UltraNav Driver 17.06.2011 46,4MB 15.2.19.0 notwendig
ThinkVantage AutoLock Lenovo 17.06.2011 26,0MB 1.00 notwendig
ThinkVantage Communications Utility Lenovo 17.06.2011 12,3MB 2.03 notwendig
ThinkVantage System für aktiven Festplattenschutz Lenovo 17.06.2011 15,6MB 1.74 notwendig
Windows Live Essentials Microsoft Corporation 17.06.2011 15.4.3508.1109 notwendig
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 17.06.2011 5,57MB 15.4.5722.2 notwendig
Windows-Treiberpaket - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) Intel 17.06.2011 11/06/2010 10.1.0.1008 notwendig
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) Lenovo 17.06.2011 11/11/2010 1.61.00.11 notwendig
Windows-Treiberpaket - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010) Realtek 17.06.2011 12/06/2010 7.035.1206.2010 notwendig
Windows-Treiberpaket - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) Synaptics 17.06.2011 03/24/2011 15.2.19.0 notwendig
WinRAR 4.01 (64-Bit) win.rar GmbH 01.08.2011 4.01.0 notwendig
ZoneAlarm Check Point, Inc 01.08.2011 9.2.105.000 notwendig
ZoneAlarm Toolbar Check Point Software Technologies 01.08.2011 unnötig

Alt 20.08.2012, 17:27   #9
markusg
/// Malware-holic
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
ICQ Toolbar
ICQ Sparberater
Java(TM) 6 Update 29
ZoneAlarm : verzichte auf firewalls von drittanbietern.
die windows fw ist mehr als ausreichend für privat personen..
öffne dann ccleaner, analysieren starten.
öffne otl, bereinigen, pc startet neu, testen wie er läuft.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu GVU Trojaner Windows 7 64 Bit
antivir, autorun, avira, bho, bonjour, browser, error, failed, festplatte, firefox, flash player, format, gvu trojaner windows 7, home, homepage, install.exe, internet, lenovo, logfile, office 2007, popup, pwmtr64v.dll, realtek, registry, rundll, saving, scan, security, software, trojaner, windows, windows 7 64 bit



Ähnliche Themen: GVU Trojaner Windows 7 64 Bit


  1. Windows 7 SP 1 mit Trojaner infiziert - Windows Update Fehlercode 8007002
    Log-Analyse und Auswertung - 11.09.2015 (60)
  2. Windows 7: Trojaner - Windows Updates, Firewall defekt
    Log-Analyse und Auswertung - 20.03.2015 (24)
  3. Windows 7: Nach BKA Trojaner Fehlermeldung beim Starten, Windows Sicherheitscenter kann nicht gestartet werden
    Log-Analyse und Auswertung - 18.11.2014 (9)
  4. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  5. windows verschlüsselungs Flirtfever-Trojaner, Windows XP
    Log-Analyse und Auswertung - 13.06.2012 (1)
  6. Nach BKA Trojaner, Windows Firewall deaktiviert sich (Windows XP)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  7. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  8. UKash Windows Secure Trojaner mit Windows XP eingefangen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  9. Windows Notfall Sicherheits Update Center - Windows XP Trojaner
    Log-Analyse und Auswertung - 21.05.2012 (2)
  10. Windows-Verschlüsselungs-Trojaner unter Windows XP
    Log-Analyse und Auswertung - 16.05.2012 (9)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Windows-Verschlüsselungs Trojaner Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (10)
  13. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  14. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  15. 'Windows Security Center' Trojaner - Windows-Benutzer gesperrt !
    Log-Analyse und Auswertung - 16.03.2012 (5)
  16. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)
  17. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)

Zum Thema GVU Trojaner Windows 7 64 Bit - Hallo, ich habe mir leider einen Trojaner geholt. Nach Neustart kann ich auf der Rechner zugreifen, wenn ich aber ins Internet gehe, wird Trojaner sofort aktiv. Malwarebytes scan hat nichts - GVU Trojaner Windows 7 64 Bit...
Archiv
Du betrachtest: GVU Trojaner Windows 7 64 Bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.