Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen

GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen


Log-Analyse und Auswertung: GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 07.09.2012, 20:15   #1
Ratte2000
 
GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen - Standard

GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen


Hallo,

ich habe mir am 02.09.2012 nachts einen GVU 2.07 eingefangen.

Unter Verwendung eines 2.Benutzer wurden folgende Schritte beim befallenen Benutzer durchgeführt:
- ctfmon-link in der Autostart entfernt
- Trojaner-exe im Userverzeichnis gelöscht
- versteckte Trojanerdatei vom Desktop gelöscht

Danach hatte ich beim befallenen User wieder Zugriff. Danach habe ich folgendes durchgeführt:

Avira Internet Security inkl. Bereinigung

Scan mit OTL

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 06.09.2012 19:35:20 - Run 1
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\Matthias\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,83% Memory free
6,00 Gb Paging File | 4,72 Gb Available in Paging File | 78,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 67,72 Gb Free Space | 60,63% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1140,11 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 350,70 Gb Free Space | 18,82% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.06 19:33:24 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2012.09.02 18:25:42 | 003,491,792 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.08.08 10:42:25 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.28 20:49:22 | 001,173,712 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2012.06.28 20:48:10 | 005,924,712 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.06.28 20:47:22 | 000,821,584 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012.06.28 20:47:12 | 000,403,688 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012.06.28 20:46:30 | 005,993,216 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.05.14 14:44:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 14:44:08 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 14:44:08 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 14:44:08 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 14:44:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 14:44:08 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2012.01.13 12:00:38 | 001,576,840 | ---- | M] () -- C:\Programme\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe
PRC - [2011.11.04 15:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 13:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.03 13:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.03.15 11:58:30 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.28 20:46:10 | 013,005,184 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2012.06.28 17:34:28 | 000,018,816 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2012.06.14 03:21:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:21:26 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.14 03:14:51 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\7ad858343df4d35cd393b6263608a70a\System.Data.SqlServerCe.ni.dll
MOD - [2012.05.14 03:09:43 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.05.14 03:09:43 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.14 03:09:42 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.14 03:08:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 03:08:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 03:08:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 03:08:45 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.08.16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.02 18:25:42 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.09.02 18:07:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.24 16:00:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.28 20:48:10 | 005,924,712 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.06.28 20:47:22 | 000,821,584 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.14 14:44:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 14:44:08 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 14:44:08 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 14:44:08 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 14:44:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.13 12:00:38 | 001,576,840 | ---- | M] () [Auto | Running] -- C:\Programme\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe -- (SEH UTN Service)
SRV - [2011.11.04 15:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.12.13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.10 16:59:50 | 000,178,720 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:59:48 | 000,387,616 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Recognizer | On_Demand | Unknown] --  -- (Paiihevca)
DRV - [2012.09.02 18:25:43 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.09.02 18:25:41 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012.09.02 18:25:37 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.09.02 18:25:36 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012.09.02 18:25:35 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67)
DRV - [2012.09.02 18:25:34 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.09.02 18:25:34 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.05.14 14:44:09 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 14:44:09 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 14:44:09 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 14:44:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.13 12:01:04 | 000,034,304 | ---- | M] (SEH Computertechnik GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sehutn.sys -- (sehutn)
DRV - [2011.12.15 15:52:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.12 20:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.03 13:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.20 02:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011.07.19 23:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.02.11 02:35:44 | 000,728,064 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.09 14:00:48 | 001,554,472 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TrdCap.sys -- (TrdCap)
DRV - [2010.02.06 16:49:00 | 000,597,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.07.30 17:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.05.13 14:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 14:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 DF 7D CD 3C 89 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9E3C49B2-61D1-4E75-B461-89DD97DC4B7B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9E3C49B2-61D1-4E75-B461-89DD97DC4B7B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.24 16:00:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.21 21:18:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.24 16:00:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.21 21:18:17 | 000,000,000 | ---D | M]
 
[2011.12.29 11:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.08.24 16:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\nxug5y1n.default\extensions
[2012.08.24 16:04:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\nxug5y1n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.01 17:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.01 17:27:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.24 16:00:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.17 01:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.24 16:00:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.24 16:00:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.24 16:00:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.24 16:00:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.24 16:00:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.24 16:00:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30757C13-6560-4B6E-A938-4FC7110C6322}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 19:33:45 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012.09.03 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.09.03 21:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.03 21:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.03 21:58:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.03 21:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.02 18:25:43 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\328A4CAB-EC49-48FC-8749-ABE8159A4DCD
[2012.08.16 03:01:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 19:33:24 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012.09.06 19:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 21:53:08 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 21:53:08 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 21:50:02 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.04 21:50:02 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.04 21:50:02 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.04 21:50:02 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.04 21:45:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 21:45:32 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 21:58:12 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.02 18:25:32 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
[2012.09.01 15:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVPR134604BU120LGN.job
[2012.08.16 03:19:38 | 000,830,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.03 21:58:12 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.02 18:25:32 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
[2012.01.02 14:32:30 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.02 14:32:30 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\DF38B70230.sys
[2012.01.02 14:04:04 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012.01.02 11:07:33 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.02 11:07:33 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.01.02 11:07:33 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.01.02 11:07:33 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.02 11:07:33 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.01.02 11:07:33 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.01.02 11:07:33 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.02 11:07:33 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.01.02 11:07:33 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.01.02 11:07:33 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.01.02 11:07:33 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.01.02 11:07:33 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.01.02 11:07:33 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.01.02 11:07:33 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.01.02 11:07:33 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.01.02 11:07:33 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.01.02 11:07:33 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.01.02 11:07:33 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.01.02 11:07:33 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.12.30 18:53:36 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.12.30 18:53:36 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.12.30 18:51:56 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.12.30 17:45:38 | 000,001,285 | ---- | C] () -- C:\Users\Matthias\InterCon-NetTool.ini
[2011.12.18 22:36:35 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.12.18 22:36:34 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011.12.18 22:00:47 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
 
========== LOP Check ==========
 
[2012.09.02 18:25:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\328A4CAB-EC49-48FC-8749-ABE8159A4DCD
[2012.01.04 11:33:20 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acronis
[2011.12.30 18:35:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canon
[2011.12.30 22:11:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Haenlein-Software
[2011.12.30 21:55:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2012.01.02 14:06:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2011.12.22 22:51:24 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenCandy
[2011.12.31 13:45:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TuneUp Software
[2009.07.14 06:53:46 | 000,026,080 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Scan mit Malewarebyte

Scan mit Gmer

Entsprechende Logfiles sind im Anhang.

Ich bin mir nicht sicher, ob ich bereits alles entfernen konnte. Was mich beunruhigt ist, dass das Win7-Sicherheitszentrum bei meiner Avira Internet Security Suite nur die Firewall erkennt. Aber nicht den Virenscanner und die Anti-Spysoftware.

Ich bitte um Hilfe und verbleibe mit
Besten Grüssen

Ratte2000

 

Themen zu GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen
32 bit, antivir, autorun, avg, avira internet security suite, bho, bonjour, defender, desktop, document, entfernen, firefox, flash player, format, helper, home, internet, langs, logfile, mozilla, nicht sicher, object, plug-in, proxy, realtek, registry, security, senden, software, win7 32 bit, windows


« Mein Account wird gehackt .... | soap0_wsdl.exe nicht gefunden »


Ähnliche Themen: GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen


  1. Trojaner "MyBrowser" von Plus Network eingefangen über GoogleChrome (WIn7)
    Log-Analyse und Auswertung - 30.09.2015 (42)
  2. Virus eingefangen (2. Rechner / Win7 )
    Log-Analyse und Auswertung - 04.10.2014 (22)
  3. Win7: Habe ich mir einen Trojaner eingefangen?
    Log-Analyse und Auswertung - 21.09.2013 (3)
  4. BKA-Trojaner eingefangen (Win7, 32-bit) und mit der Entfernung überfordert
    Plagegeister aller Art und deren Bekämpfung - 08.08.2013 (17)
  5. [Win7 Home 64bit] GVU Trojaner eingefangen und entfernt?
    Plagegeister aller Art und deren Bekämpfung - 12.05.2013 (27)
  6. GVU trojaner in win7 eingefangen
    Log-Analyse und Auswertung - 12.02.2013 (8)
  7. !Hilfe! hab mir Trojaner Polizei Österreich eingefangen!Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (2)
  8. Trojaner GVU 2.07 auf Win7 32 bit am 03092012 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (13)
  9. Win7 64bit - GVU 2.07 eingefangen
    Log-Analyse und Auswertung - 12.08.2012 (10)
  10. GVU-Trojaner eingefangen. Win7
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (11)
  11. Win7 64bit GVU-Trojaner 2.07 eingefangen
    Log-Analyse und Auswertung - 31.07.2012 (18)
  12. GVU Trojaner 2.07 unter win7 64 bit eingefangen
    Log-Analyse und Auswertung - 25.07.2012 (15)
  13. GVU Trojaner eingefangen unter Win7 64bit
    Log-Analyse und Auswertung - 23.07.2012 (19)
  14. Warten sie während die Verbindung mit dem Internet hergestellt wird - Trojaner eingefangen - Win7
    Log-Analyse und Auswertung - 21.03.2012 (1)
  15. GEMA Trojaner eingefangen Win7- OTL.txt Datei vorhanden
    Plagegeister aller Art und deren Bekämpfung - 23.02.2012 (1)
  16. Auch den Bundespolizei Trojaner eingefangen, Win7 64 bit
    Log-Analyse und Auswertung - 14.02.2012 (23)
  17. Trojaner eingefangen unter Win7?
    Log-Analyse und Auswertung - 30.12.2010 (33)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen - Hallo, ich habe mir am 02.09.2012 nachts einen GVU 2.07 eingefangen. Unter Verwendung eines 2.Benutzer wurden folgende Schritte beim befallenen Benutzer durchgeführt: - ctfmon-link in der Autostart entfernt - Trojaner-exe - GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen...
Archiv
Du betrachtest: GVU-Trojaner 2.07 auf Win7 32 bit am 02.09.12 eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55