Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?

GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 03.10.2012, 21:43   #28
Mahoo
 
GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los? - Standard

GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?


Code:
ATTFilter
ComboFix 12-10-03.03 - Mahoo 03.10.2012  22:32:18.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3582.2669 [GMT 2:00]
ausgeführt von:: c:\users\Mahoo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Mahoo\4.0
c:\users\Mahoo\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Mahoo\AppData\Roaming\Help\coredb\storage
c:\windows\system32\ladfGSRCoinst_i386.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-03 20:37 . 2012-10-03 20:39	--------	d-----w-	c:\users\Mahoo\AppData\Local\temp
2012-10-03 20:37 . 2012-10-03 20:37	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-10-03 20:37 . 2012-10-03 20:37	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2012-10-02 19:40 . 2012-10-02 19:40	--------	d-----w-	C:\_OTL
2012-10-02 06:09 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F720654-8CF1-4EEC-84EF-9B39E62DBB22}\mpengine.dll
2012-10-01 13:51 . 2012-10-01 13:51	--------	d-----w-	c:\users\Mahoo\AppData\Local\ElevatedDiagnostics
2012-09-28 10:40 . 2012-08-30 19:13	888168	----a-w-	c:\windows\system32\nvdispgenco32.dll
2012-09-28 10:40 . 2012-08-30 19:13	6109032	----a-w-	c:\windows\system32\nvopencl.dll
2012-09-28 10:40 . 2012-08-30 19:13	19828584	----a-w-	c:\windows\system32\nvoglv32.dll
2012-09-28 10:40 . 2012-08-30 19:13	10790760	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-09-28 10:39 . 2012-08-30 19:13	7626088	----a-w-	c:\windows\system32\nvcuda.dll
2012-09-28 10:39 . 2012-08-30 19:13	2573672	----a-w-	c:\windows\system32\nvcuvid.dll
2012-09-28 10:39 . 2012-08-30 19:13	1866088	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-09-28 10:39 . 2012-08-30 19:13	17559912	----a-w-	c:\windows\system32\nvcompiler.dll
2012-09-28 04:48 . 2012-09-28 04:48	--------	d-----w-	c:\users\Mahoo\AppData\Roaming\Malwarebytes
2012-09-28 04:48 . 2012-09-28 04:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:48 . 2012-09-28 04:48	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-28 04:48 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-28 00:53 . 2012-09-28 00:53	--------	d-----w-	c:\program files\ESET
2012-09-27 22:22 . 2012-09-27 22:22	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Canneverbe Limited
2012-09-27 22:21 . 2012-09-27 22:21	--------	d-----w-	c:\users\Administrator\AppData\Local\Adobe
2012-09-27 21:47 . 2012-09-27 21:47	--------	d-----w-	c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2012-09-27 21:29 . 2012-09-27 21:29	--------	d-----w-	c:\users\Administrator\AppData\Local\Macromedia
2012-09-27 21:26 . 2012-09-27 21:26	--------	d-----w-	c:\users\Administrator\AppData\Local\Mozilla
2012-09-27 21:22 . 2012-09-27 21:22	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Avira
2012-09-25 19:31 . 2012-08-21 20:12	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-23 20:00 . 2012-09-23 20:00	--------	d-----w-	c:\users\Mahoo\.thumbnails
2012-09-23 18:25 . 2012-09-23 18:26	--------	d-----w-	c:\program files\GIMP 2
2012-09-23 18:14 . 2012-09-23 18:14	--------	d-----w-	c:\users\Mahoo\AppData\Local\webkit
2012-09-23 17:33 . 2012-09-23 17:33	--------	d-----w-	c:\users\Mahoo\AppData\Local\fontconfig
2012-09-23 17:33 . 2012-09-23 22:03	--------	d-----w-	c:\users\Mahoo\.gimp-2.8
2012-09-23 17:33 . 2012-09-23 17:33	--------	d-----w-	c:\users\Mahoo\AppData\Local\gegl-0.2
2012-09-13 18:04 . 2012-08-22 17:16	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-13 18:04 . 2012-07-04 19:45	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 18:04 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-13 18:04 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-13 18:04 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 18:04 . 2012-08-02 16:57	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-09 15:18 . 2012-09-09 15:18	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 20:38 . 2011-02-24 20:20	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-28 08:58 . 2012-04-15 16:02	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-28 08:58 . 2011-06-08 15:31	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 19:13 . 2011-11-14 19:02	1009512	----a-w-	c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2011-05-21 05:01	15291752	----a-w-	c:\windows\system32\nvd3dum.dll
2012-08-30 19:13 . 2010-09-19 01:58	2422120	----a-w-	c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2009-07-13 22:09	12465512	----a-w-	c:\windows\system32\nvwgf2um.dll
2012-08-30 15:57 . 2011-01-07 20:06	645992	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2011-01-07 20:06	2557288	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2011-01-07 20:06	108392	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2010-07-09 14:20	62312	----a-w-	c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2011-01-07 20:06	3963240	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2011-01-07 20:06	2836840	----a-w-	c:\windows\system32\nvsvc.dll
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\system32\nvStreaming.exe
2012-07-30 11:32 . 2012-07-30 11:32	83168	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-07-30 11:32 . 2012-07-30 11:32	181344	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-07-18 17:47 . 2012-08-16 18:27	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-09-09 15:18 . 2011-12-20 19:11	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-03 975288]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-03 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"MsmqIntCert"="mqrt.dll" [2010-11-20 152064]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 5115192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03	66328	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /p \??\G:\0autocheck autochk *
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2i386.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMi386.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;GW-USMicroN Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [x]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [x]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [x]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCi386.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRi386.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 08:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mahoo\AppData\Roaming\Mozilla\Firefox\Profiles\3gn9tca2.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-03  22:42:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-03 20:42
.
Vor Suchlauf: 15 Verzeichnis(se), 24.314.724.352 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 23.883.182.080 Bytes frei
.
- - End Of File - - D521F141A258E5C215903B46E957A6E5
Gmer Log
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-04 00:42:55
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1 SAMSUNG_HD080HJ rev.ZH100-47
Running: zygu08np.exe; Driver: C:\Users\Mahoo\AppData\Local\Temp\ugloypog.sys


---- System - GMER 1.0.15 ----

SSDT            93853D66                                                                                                                                   ZwCreateSection
SSDT            93853D70                                                                                                                                   ZwRequestWaitReplyPort
SSDT            93853D6B                                                                                                                                   ZwSetContextThread
SSDT            93853D75                                                                                                                                   ZwSetSecurityObject
SSDT            93853D7A                                                                                                                                   ZwSystemDebugControl
SSDT            93853D07                                                                                                                                   ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                   8308C3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                     830C5D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                        830CCEAC 4 Bytes  [66, 3D, 85, 93] {CMP AX, 0x9385}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                        830CD208 4 Bytes  [70, 3D, 85, 93]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                        830CD24C 4 Bytes  [6B, 3D, 85, 93]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                        830CD2C8 4 Bytes  [75, 3D, 85, 93]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                        830CD31C 4 Bytes  [7A, 3D, 85, 93]
.text           ...                                                                                                                                        
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                 Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Log Osam
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:51:00 on 04.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Mahoo\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)
"Dokan" (Dokan) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\dokan.sys
"G35 DHP2 Filter Driver" (LADF_DHP2) - "Logitech" - C:\Windows\System32\DRIVERS\ladfDHP2i386.sys
"G35 SBVM Filter Driver" (LADF_SBVM) - "Logitech" - C:\Windows\System32\DRIVERS\ladfSBVMi386.sys
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\Windows\gdrv.sys
"GW-USMicroN Driver for Vista" (netr28u) - ? - C:\Windows\System32\DRIVERS\netr28u.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"ugloypog" (ugloypog) - ? - C:\Users\Mahoo\AppData\Local\Temp\ugloypog.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Workspaces" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesPreload" - "Samsung" - C:\Program Files\Samsung\Kies\Kies.exe /preload
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Launch LCore" - "Logitech Inc." - C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON S21 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFAE.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc." - c:\program files\common files\akamai\netsession_win_5891ae0.dll
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"DokanMounter" (DokanMounter) - ? - C:\Program Files\Dokan\DokanLibrary\mounter.exe  (File found, but it contains no detailed information)
"EPSON V3 Service4(01)" (EPSON_PM_RPCV4_01) - "SEIKO EPSON CORPORATION" - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
"EPSON V5 Service4(01)" (EPSON_EB_RPCV4_01) - "SEIKO EPSON CORPORATION" - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
"Installer Service" (Installer Service) - ? - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe  (File found, but it contains no detailed information)
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Samsung UPD Service2" (Samsung UPD Service2) - "Samsung Electronics" - C:\Windows\System32\SUPDSvc2.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

 

Themen zu GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?
administrator, anti-malware, antivir, autostart, exp/12-0507.bj.2.c, exp/2012-0507.cu, exp/java.ternub.gen, explorer, infiziert., java/jogek.ay, java/jogek.az, löschen, problem, rechner, registrierung, schädlinge, seite, service, speicher, system, test, trojaner, version, versucht, zufällig


« Ukash Trojaner | mystart.indredibar bei Chorme.newTab »


Ähnliche Themen: GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?


  1. Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert
    Log-Analyse und Auswertung - 19.11.2015 (26)
  2. CBL listet meinen Mac (OS X, Version 10.6.8) als mit Neuvret-Trojaner infiziert - was tun?
    Alles rund um Mac OSX & Linux - 28.10.2015 (8)
  3. Mit BKA Trojaner auf Windows XP Rechner infiziert
    Log-Analyse und Auswertung - 21.04.2014 (11)
  4. TR/Agent.uyq.1 - Hat Antivir damit einen echten Trojaner gefunden? Wenn ja, wie finde ich heraus, ob er meinen PC infiziert hat?
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (5)
  5. Interpol-Trojaner hat meinen Rechner gesperrt
    Log-Analyse und Auswertung - 07.12.2013 (21)
  6. Massenemails über meinen Account, Trojaner oder Virus auf dem Rechner?
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (13)
  7. GVU Trojaner auf Win 7 Rechner. Bin gerade im Ausland unterwegs und brauche meinen Rechner dringend
    Log-Analyse und Auswertung - 29.01.2013 (10)
  8. Trojaner der meinen Rechner blockiert
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (5)
  9. GUV Trojaner 2.07 blockiert meinen Rechner
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (9)
  10. Trojaner (Trojan.Phex.THAGen3) behindert meinen Rechner bei nutzung firefox
    Log-Analyse und Auswertung - 18.07.2012 (1)
  11. GVU Trojaner mit webcam infiziert rechner
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  12. Rechner mit Verschlüsselungs Trojaner infiziert
    Log-Analyse und Auswertung - 07.05.2012 (17)
  13. Antispyware 2012 infiziert meinen Rechner
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (3)
  14. Spyeye Trojaner hat laut Bank meinen PC infiziert
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (18)
  15. Trojaner Flut ist über meinen Rechner geschwappt! braviax.exe, Rootkin.gen & co.
    Plagegeister aller Art und deren Bekämpfung - 27.08.2009 (42)
  16. Kann jemand mir helfen ich habe ein Trojaner auf meinen Rechner.
    Mülltonne - 15.12.2008 (0)
  17. habe drei trojaner auf meinen rechner wie bekomme ich sie weg
    Antiviren-, Firewall- und andere Schutzprogramme - 03.06.2005 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los? - Code: Alles auswählen Aufklappen ATTFilter ComboFix 12-10-03.03 - Mahoo 03.10.2012 22:32:18.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3582.2669 [GMT 2:00] ausgeführt von:: c:\users\Mahoo\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: - GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?...
Archiv
Du betrachtest: GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55