
Pests of all kinds and how to fight them: GVU Trojan 2.07 Windows Vista Home Premium


12.05.2013, 02:20   #1
dmerkel
 
GVU Trojan 2.07 Windows Vista Home Premium



Hello dear experts,

I have a computer here that was infected by a GVU Trojan.
From the layout of the ransom demand I could tell that it must be version 2.07.

I have already followed the guide using the Kaspersky Rescue CD with Windowsunlocker, without success.

Safe Mode cannot be started, or only with Command Prompt; as soon as I start explorer.exe, the computer shuts down immediately. The same happens when I start Safe Mode normally or with networking.

Here are the excerpts from OTL.txt and Extras.txt.

I hope you can help me.
Many thanks so far.

Code:
EXTRAS.TXT
OTL Extras logfile created on: 5/12/2013 3:11:49 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.11 Gb Total Space | 219.09 Gb Free Space | 67.39% Space Free | Partition Type: NTFS
Drive H: | 10.23 Gb Total Space | 1.09 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
"{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New
"{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding
"{4FE36001-30C5-45b5-83FB-17770A55F59E}" = 2500
"{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish
"{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian
"{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian
"{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light
"{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins
"{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian
"{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
"{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish
"{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92ED0BAB-1093-4990-AD55-E00D2FCAE42F}" = 2500Trb
"{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish
"{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista
"{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish
"{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish
"{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard
"{B68ED296-D899-4573-AFFC-D3F6904785D4}" = HP Driver Diagnostics
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese
"{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
"{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French
"{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static
"{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian
"{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software  1.10.16.1
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish
"{ED2CB13D-0C50-4907-8EA1-82319CB8FD61}" = 2500_Help
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation
"{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English
"{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Astrolab32" = Astrolab32
"CCleaner" = CCleaner
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 3" = TeamViewer 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Dr._Merkel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
< End of report >
         
Code:
OTL.TXT

OTL logfile created on: 5/12/2013 3:11:49 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.11 Gb Total Space | 219.09 Gb Free Space | 67.39% Space Free | Partition Type: NTFS
Drive H: | 10.23 Gb Total Space | 1.09 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/03/12 17:25:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/11/12 15:27:46 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2009/03/03 08:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/11/17 05:22:16 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/12 11:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/04/12 19:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/16 03:32:45 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130510.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 03:32:45 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130510.022\NAVENG.SYS -- (NAVENG)
DRV - [2012/12/13 07:49:25 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/13 07:49:25 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/31 20:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130510.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/07/05 22:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NAV\1309010.00E\SRTSP.SYS -- (SRTSP)
DRV - [2012/07/05 22:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAV\1309010.00E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/06/07 00:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAV\1309010.00E\ccSetx86.sys -- (ccSet_NAV)
DRV - [2012/05/21 21:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012/04/17 22:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NAV\1309010.00E\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2012/04/17 21:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAV\1309010.00E\Ironx86.SYS -- (SymIRON)
DRV - [2012/03/24 07:55:55 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/15 18:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys -- (SymDS)
DRV - [2008/02/25 18:53:20 | 003,520,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/08/03 06:44:00 | 000,091,648 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=desktop
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=desktop
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Dr._Merkel_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:blank [binary data]
IE - HKU\Dr._Merkel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Dr._Merkel_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Dr._Merkel_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Dr._Merkel_ON_C\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKU\Dr._Merkel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Dr._Merkel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://compaq-desktop.de.msn.com/?pc=CICD"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=de_DE&apn_uid=A841DF5D-8842-43E3-BB46-8E7693085A32&apn_ptnrs=U3&apn_sauid=B19F6165-728C-4C89-8371-EF807455C309&apn_dtid=YYYYYYYYDE&&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/28 07:05:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012/03/24 08:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/12 15:27:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/28 07:05:45 | 000,000,000 | ---D | M]
 
[2011/05/22 11:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr. Merkel\AppData\Roaming\Mozilla\Extensions
[2012/11/18 03:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr. Merkel\AppData\Roaming\Mozilla\Firefox\Profiles\2ewnrls1.default\extensions
[2012/09/19 10:37:36 | 000,002,396 | ---- | M] () -- C:\Users\Dr. Merkel\AppData\Roaming\Mozilla\Firefox\Profiles\2ewnrls1.default\searchplugins\askcom.xml
[2012/11/12 15:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/20 06:03:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- 
[2012/03/24 08:02:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPLGN
[2009/09/03 02:38:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/11/12 15:27:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/12 15:27:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/12 15:27:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/12 15:27:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/12 15:27:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/11/12 15:27:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/12 15:27:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Dr._Merkel_ON_C\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKU\Dr._Merkel_ON_C\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [hpsysdrv] C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O13 - gopher Prefix: missing
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Dr._Merkel_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\aFlowQ_1440x900.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\aFlowQ_1440x900.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 07:03:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0b169cc5-12c1-11dd-9ad6-001e8cb6e95e}\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/11 19:13:53 | 000,000,000 | ---D | C] -- C:\Users\Dr. Merkel\AppData\Roaming\Malwarebytes
[2013/05/11 19:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/11 19:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/11 19:13:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/11 19:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/11 19:02:29 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/04/15 08:55:44 | 000,000,000 | -HSD | C] -- C:\found.000
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/11 19:46:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/11 19:46:19 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/05/11 19:44:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 19:44:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 19:44:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 19:44:04 | 2146,738,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/11 19:13:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/11 19:07:00 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/11 19:07:00 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/11 19:07:00 | 000,125,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/11 19:07:00 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/11 19:02:43 | 000,297,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/11 17:29:12 | 000,163,075 | ---- | M] () -- C:\Users\Dr. Merkel\AppData\Roaming\2433f433
[2013/05/11 17:29:12 | 000,163,073 | ---- | M] () -- C:\ProgramData\2433f433
[2013/05/11 17:29:12 | 000,163,053 | ---- | M] () -- C:\Users\Dr. Merkel\AppData\Local\2433f433
[2013/05/11 09:24:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/11 09:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/11 08:49:22 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/05/10 13:54:58 | 000,030,208 | ---- | M] () -- C:\Users\Dr. Merkel\Pictures\Neuer Ordner (2)\Desktop\Documents\624d77b8.dll
[2013/05/10 11:07:49 | 000,002,747 | ---- | M] () -- C:\Users\Dr. Merkel\Pictures\Neuer Ordner (2)\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2013/05/10 07:21:17 | 000,002,747 | ---- | M] () -- C:\Users\Dr. Merkel\Pictures\Neuer Ordner (2)\Desktop\Microsoft Office Outlook 2003 (3).lnk
 
========== Files Created - No Company Name ==========
 
[2013/05/11 19:44:04 | 2146,738,176 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/10 13:55:12 | 000,163,075 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Roaming\2433f433
[2013/05/10 13:55:12 | 000,163,073 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/10 13:55:12 | 000,163,053 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Local\2433f433
[2013/05/10 13:54:58 | 000,030,208 | ---- | C] () -- C:\Users\Dr. Merkel\Pictures\Neuer Ordner (2)\Desktop\Documents\624d77b8.dll
[2011/06/07 13:28:17 | 000,166,450 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/07 13:28:17 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011/06/07 13:28:17 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010/11/20 18:02:09 | 000,000,000 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Roaming\wklnhst.dat
[2009/12/20 14:05:18 | 000,004,096 | -H-- | C] () -- C:\Users\Dr. Merkel\AppData\Local\keyfile3.drm
[2009/10/21 04:14:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 04:14:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/28 06:56:16 | 000,188,769 | ---- | C] () -- C:\Windows\hpoins31.dat
[2009/04/22 16:13:24 | 000,024,227 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Roaming\UserTile.png
[2009/04/12 02:25:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/17 05:23:21 | 000,001,691 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2008/04/25 15:58:16 | 000,011,776 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 08:55:13 | 000,164,248 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/04/25 08:54:58 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2008/04/25 08:08:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/25 07:41:44 | 000,000,680 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Local\d3d9caps.dat
[2008/01/09 14:54:31 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/09 14:54:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/09 14:54:31 | 000,125,676 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/09 14:54:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/09 06:56:10 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/01/09 06:50:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/01/09 06:46:42 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/01/09 06:46:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/09 06:37:38 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/01/09 06:35:19 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/01/09 06:35:19 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,297,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009/12/03 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\Canon
[2008/11/30 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\CD-LabelPrint
[2012/09/19 10:33:53 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\Image Zone Express
[2010/10/10 19:54:05 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\Printer Info Cache
[2011/10/13 17:59:53 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\RegistryKeys
[2008/11/26 07:14:53 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\TeamViewer
[2010/11/20 18:02:47 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\Template
[2008/06/10 10:25:40 | 000,000,000 | ---D | M] -- C:\Users\Dr. Merkel\AppData\Roaming\WinBatch
[2008/04/25 07:13:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/05/30 02:23:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/04/25 07:13:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/04/25 07:13:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/01/09 07:03:23 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2008/01/09 07:12:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2011/07/03 13:35:15 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/04/25 07:13:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/04/14 12:15:19 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2008/04/25 07:13:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/25 07:46:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/10/25 10:59:52 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/07/03 14:55:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox
[2013/05/11 19:46:19 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

12.05.2013, 12:17   #2
dmerkel

Hello, I have now deleted these files using the Kaspersky Rescue CD.
[2013/05/11 19:44:04 | 2146,738,176 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/10 13:55:12 | 000,163,075 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Roaming\2433f433
[2013/05/10 13:55:12 | 000,163,073 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/10 13:55:12 | 000,163,053 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Local\2433f433
[2013/05/10 13:54:58 | 000,030,208 | ---- | C] () -- C:\Users\Dr. Merkel\Pictures\Neuer Ordner (2)\Desktop\Documents\624d77b8.dll

Now it boots again. I am now trying it with AntiMalwarebytes.
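As an added illustration (not part of the thread and not OTL's own code), here is a small Python parser for OTL file lines that flags the kind of entries dmerkel removed in the post above: recently created, company-less files with 8-hex-digit names dropped into AppData, ProgramData or a Desktop folder. The heuristic, the 7-day window and the sample lines are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# One OTL file line as printed in the "Files Created" / "Files Modified" sections:
#   [YYYY/MM/DD hh:mm:ss | size | attrs | C-or-M] (Company) -- path
# Directory entries carry no "(Company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[.*\])?$"
)
# Hypothetical heuristic (assumption of this example): an 8-hex-digit file name,
# like 2433f433 or 624d77b8.dll above, dropped into a user-writable data directory.
HEX_NAME = re.compile(r"^[0-9a-f]{8}(\.[a-z0-9]{1,4})?$", re.IGNORECASE)
DROP_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\", "\\desktop\\")

def parse_otl_line(line):
    """Parse one OTL file line into a dict, or return None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "kind": m.group("kind"),  # C = created, M = modified
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "is_dir": "D" in m.group("attrs"),
        "company": m.group("company") or "",
        "path": m.group("path"),
    }

def suspicious_entries(lines, scan_time, max_age_days=7):
    """Return paths of recent, company-less, hex-named files in drop directories."""
    flagged = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e["is_dir"] or e["company"]:
            continue
        name = e["path"].rsplit("\\", 1)[-1]
        recent = scan_time - e["timestamp"] <= timedelta(days=max_age_days)
        in_drop_dir = any(d in e["path"].lower() for d in DROP_DIRS)
        if recent and in_drop_dir and HEX_NAME.match(name):
            flagged.append(e["path"])
    return flagged

# Constructed sample in the log's format: the hex-named entries mirror the files
# removed in the post above; the others are benign entries that must not be flagged.
SAMPLE = r"""
[2013/05/11 19:44:04 | 2146,738,176 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/10 13:55:12 | 000,163,075 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Roaming\2433f433
[2013/05/10 13:55:12 | 000,163,073 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/10 13:54:58 | 000,030,208 | ---- | C] () -- C:\Users\Dr. Merkel\Pictures\Neuer Ordner (2)\Desktop\Documents\624d77b8.dll
[2013/05/11 19:13:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/11 19:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/04/25 07:41:44 | 000,000,680 | ---- | C] () -- C:\Users\Dr. Merkel\AppData\Local\d3d9caps.dat
""".strip().splitlines()

SCAN_TIME = datetime(2013, 5, 12, 3, 11, 49)  # "logfile created on" time from the OTL header

if __name__ == "__main__":
    for path in suspicious_entries(SAMPLE, SCAN_TIME):
        print("suspicious:", path)
```

The heuristic is deliberately narrow; in practice the flagged paths are a starting point for checking hashes and the creation timeline, not a verdict on their own.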
12.05.2013, 14:47   #3
t'john
/// Helper Team

Please post the Malwarebytes log file that you have already produced!
(Log files tab)
12.05.2013, 16:16   #4
dmerkel

Hello,

Unfortunately that is no longer possible. I only backed up the e-mails and photos, then completely formatted the computer, and I am currently in the process of setting it up again.
From what I have read, that is probably the safest option.

Thank you for the reply.

Regards

12.05.2013, 21:07   #5
t'john
/// Helper Team

That is not wrong!
I would have used the opportunity to go with Windows 7

Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

__________________
Regards, t'john
Support the TB

28.06.2013, 13:19   #6
t'john
/// Helper Team

Missing feedback

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.