|
Log-Analyse und Auswertung: GVU TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.12.2012, 20:13 | #1 |
| GVU Trojaner Hallo, habe mir auch den GVU Trojaner eigefangen und kann auch nicht mehr im abgesicherten Modus starten ohne das ich diese GVU Meldung bekomme. Bitte um Hilfe |
22.12.2012, 21:43 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Hallo und
__________________Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten: Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
__________________ |
23.12.2012, 11:03 | #3 |
| GVU Trojaner Hallo, hat alles wie beschrieben funktioniert, danke.
__________________Hier die txt-DateiOTL Logfile: Code:
ATTFilter OTL logfile created on: 12/23/2012 10:28:11 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 126.83 Gb Free Space | 42.55% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/12/21 11:43:46 | 000,212,480 | ---- | M] () [Auto] -- C:\Users\Tom\AppData\Local\Temp\wpbt0.dll -- (Winmgmt) SRV - [2012/12/14 01:14:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/06 13:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/11/04 03:11:46 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/22 07:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012/10/20 01:51:48 | 000,711,112 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/02/04 23:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService) SRV - [2008/07/10 07:04:14 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2008/04/07 02:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/10/22 07:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2012/10/20 01:51:49 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012/10/14 21:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/10/04 21:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2012/10/01 20:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/09/20 20:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/09/20 20:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2012/09/20 20:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2012/09/13 20:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2010/02/04 23:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF) DRV - [2009/03/31 02:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009/03/20 03:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009/03/20 03:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009/03/20 03:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009/01/13 11:56:06 | 000,346,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008/03/31 08:44:46 | 001,069,608 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2008/03/28 05:04:00 | 007,445,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/03/03 02:12:50 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2007/09/17 08:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/07/17 09:05:04 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/04/11 03:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2007/04/11 03:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Tom_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Tom_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Tom_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\Tom_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\Tom_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={D3AA5A4B-0177-4CE3-A669-90D42E5B600D}&src=2&crg=3.1010006&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={D3AA5A4B-0177-4CE3-A669-90D42E5B600D}&src=2&crg=3.1010006&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/22 12:06:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/05 11:57:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 02:39:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/04 03:11:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/04 03:11:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/04 03:11:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/04 03:11:37 | 000,000,000 | ---D | M] [2009/11/10 11:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions [2012/11/10 02:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rrpg7feh.default\extensions [2010/04/30 09:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rrpg7feh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/12 01:21:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rrpg7feh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012/10/25 00:00:24 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rrpg7feh.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2009/11/10 11:36:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rrpg7feh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/11/15 14:28:08 | 000,002,240 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rrpg7feh.default\searchplugins\askcom.xml [2012/04/21 14:33:14 | 000,003,915 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rrpg7feh.default\searchplugins\sweetim.xml [2012/11/04 03:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/11/04 03:11:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2012/11/10 02:39:48 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5 [2012/11/04 03:11:47 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/27 14:22:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/10 02:39:35 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/19 23:30:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/27 14:22:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/27 14:22:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/27 14:22:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/27 14:22:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Tom_ON_C..\Run: [compOUTE] C:\Users\Tom\AppData\Local\Temp\browicli.dll () O4 - HKU\Tom_ON_C..\Run: [msnmsgr] File not found O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{6b61c746-d273-11dd-93ee-0090f58c5496}\Shell - "" = AutoRun O33 - MountPoints2\{6b61c746-d273-11dd-93ee-0090f58c5496}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{b7f3d558-d268-11dd-ac17-0090f58c5496}\Shell - "" = AutoRun O33 - MountPoints2\{b7f3d558-d268-11dd-ac17-0090f58c5496}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/12/21 01:53:16 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/21 01:53:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/12 01:59:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012/12/12 01:59:01 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012/12/12 01:59:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2012/12/12 01:59:00 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012/12/12 01:58:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012/12/12 01:58:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012/12/12 01:44:12 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/12 01:44:10 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/12 01:44:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012/12/12 01:44:04 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012/12/12 01:44:04 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/12 01:44:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/12/12 01:44:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/12/12 01:44:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/12 01:44:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/12 01:44:04 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/12 01:44:03 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/12 01:44:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012/12/12 01:40:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/12/10 00:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files - Modified Within 30 Days ========== [2012/12/21 12:31:35 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012/12/21 12:30:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/21 11:55:17 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{90CDE50F-0716-4E45-AE05-284A9FF51040}.job [2012/12/21 11:52:35 | 000,138,429 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/12/21 11:52:34 | 000,138,429 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/12/21 11:49:04 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/21 11:49:03 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/21 11:49:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/21 11:44:11 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/21 11:44:09 | 000,003,102 | ---- | M] () -- C:\ProgramData\0tbpw.js [2012/12/21 11:44:09 | 000,000,902 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/21 11:31:48 | 000,025,600 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/21 11:25:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/12/21 11:25:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/21 11:25:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/12/21 11:25:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/21 11:16:24 | 000,376,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/21 01:54:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/16 05:14:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/14 09:03:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/14 01:14:51 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/14 01:14:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/10 00:10:58 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/12/10 00:10:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files Created - No Company Name ========== [2012/12/21 11:44:09 | 000,003,102 | ---- | C] () -- C:\ProgramData\0tbpw.js [2012/12/21 11:44:09 | 000,000,902 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/21 11:43:50 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/21 11:43:50 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012/12/12 01:59:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/12 01:59:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2011/12/27 13:18:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/04/15 12:48:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010/04/15 12:48:32 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010/04/15 12:48:18 | 000,002,528 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\$_hpcst$.hpc [2009/12/05 06:50:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009/09/26 15:46:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/26 15:46:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 08:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/05/09 12:28:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/12/25 09:53:35 | 000,025,600 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/08 04:26:34 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008/10/08 04:26:34 | 000,000,189 | ---- | C] () -- C:\Windows\OEM.ini [2008/10/08 03:38:17 | 000,138,429 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008/10/08 03:38:09 | 000,138,429 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/10/08 03:05:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/10/08 02:34:53 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2008/10/08 02:04:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/10/25 10:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,376,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012/10/20 01:56:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013 [2010/04/15 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PC Suite [2011/12/27 13:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\pdfforge [2010/12/28 04:07:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Samsung [2012/10/20 01:52:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TuneUp Software [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/10/20 01:52:47 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Secure Search [2010/11/15 12:26:01 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Security Toolbar [2012/10/20 01:53:50 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2013 [2010/11/05 09:04:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/12/21 11:52:22 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2010/04/15 13:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2012/04/21 14:33:22 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2009/12/31 07:00:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/02/03 12:51:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip [2012/12/21 01:54:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/12/21 11:55:17 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{90CDE50F-0716-4E45-AE05-284A9FF51040}.job ========== Purity Check ========== < End of report > Wie gehts weiter? Kann ich den Lapi wieder normal starten? lg |
23.12.2012, 18:56 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKU\Tom_ON_C..\Run: [compOUTE] C:\Users\Tom\AppData\Local\Temp\browicli.dll () O4 - HKU\Tom_ON_C..\Run: [msnmsgr] File not found O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) :Files C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk C:\ProgramData\0tbpw.* C:\ProgramData\*.pad :Commands [purity] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen! 2.) Ordner movedfiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten |
23.12.2012, 20:02 | #5 |
| GVU Trojaner Hallo, bin nach Anleitung vorgegangen. Nach dem Button Fix hat mich der Rechner gefragt ob er neu starten soll. Ich habe auf Yes geklickt und er ist abgestürzt. Habe dann noch ca. 10 Min gewartet bis ich ihn resetet habe. Habe ihn wieder normal gestartet, also nicht mehr Boot von der CD und das Problem war noch immer vorhanden. lg |
23.12.2012, 20:11 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Mach ein neues Log mit OTLPE
__________________ --> GVU Trojaner |
24.12.2012, 11:06 | #7 |
| GVU Trojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/24/2012 10:53:43 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 123.74 Gb Free Space | 41.51% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/12/21 11:43:46 | 000,212,480 | ---- | M] () [Auto] -- C:\Users\Tom\AppData\Local\Temp\wpbt0.dll -- (Winmgmt) SRV - [2012/12/14 01:14:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/06 13:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/11/04 03:11:46 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/22 07:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012/10/20 01:51:48 | 000,711,112 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/02/04 23:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService) SRV - [2008/07/10 07:04:14 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2008/04/07 02:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/10/22 07:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2012/10/20 01:51:49 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012/10/14 21:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/10/04 21:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2012/10/01 20:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/09/20 20:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/09/20 20:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2012/09/20 20:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2012/09/13 20:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2010/02/04 23:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF) DRV - [2009/03/31 02:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009/03/20 03:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009/03/20 03:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009/03/20 03:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009/01/13 11:56:06 | 000,346,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008/03/31 08:44:46 | 001,069,608 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2008/03/28 05:04:00 | 007,445,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/03/03 02:12:50 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2007/09/17 08:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/07/17 09:05:04 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/04/11 03:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2007/04/11 03:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Tom_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Tom_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Tom_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\Tom_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\Tom_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/22 12:06:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/05 11:57:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 02:39:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/04 03:11:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/04 03:11:37 | 000,000,000 | ---D | M] [2012/11/04 03:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/11/04 03:11:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/11/04 03:11:47 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/27 14:22:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/10 02:39:35 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/19 23:30:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/27 14:22:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/27 14:22:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/27 14:22:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/27 14:22:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/12/23 19:50:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Tom_ON_C..\Run: [compOUTE] File not found O4 - HKU\Tom_ON_C..\Run: [msnmsgr] File not found O4 - Startup: Error locating startup folders. O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/12/23 19:50:19 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012/12/23 19:50:13 | 000,000,000 | ---D | C] -- C:\_OTL [2012/12/23 10:38:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/12/21 01:53:16 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/21 01:53:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/12 01:59:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012/12/12 01:59:01 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012/12/12 01:59:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2012/12/12 01:59:00 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012/12/12 01:58:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012/12/12 01:58:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012/12/12 01:44:12 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/12 01:44:10 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/12 01:44:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012/12/12 01:44:04 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012/12/12 01:44:04 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/12 01:44:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/12/12 01:44:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/12/12 01:44:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/12 01:44:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/12 01:44:04 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/12 01:44:03 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/12 01:44:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012/12/12 01:40:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/12/10 00:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files - Modified Within 30 Days ========== [2012/12/23 13:58:32 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012/12/23 13:58:21 | 000,138,405 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/12/23 13:58:21 | 000,138,405 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/12/23 13:58:08 | 000,003,107 | ---- | M] () -- C:\ProgramData\0tbpw.js [2012/12/23 13:58:08 | 000,000,902 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/23 13:57:37 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/23 13:57:37 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/23 13:57:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/23 13:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/23 13:57:16 | 3218,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012/12/21 11:55:17 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{90CDE50F-0716-4E45-AE05-284A9FF51040}.job [2012/12/21 11:31:48 | 000,025,600 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/21 11:25:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/12/21 11:25:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/21 11:25:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/12/21 11:25:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/21 11:16:24 | 000,376,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/21 01:54:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/16 05:14:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/14 09:03:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/14 01:14:51 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/14 01:14:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/10 00:10:58 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/12/10 00:10:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files Created - No Company Name ========== [2012/12/23 13:58:08 | 000,003,107 | ---- | C] () -- C:\ProgramData\0tbpw.js [2012/12/23 13:58:08 | 000,000,902 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/23 13:58:04 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012/12/23 13:57:16 | 3218,259,968 | -HS- | C] () -- C:\hiberfil.sys [2012/12/12 01:59:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/12 01:59:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2011/12/27 13:18:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/04/15 12:48:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010/04/15 12:48:32 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010/04/15 12:48:18 | 000,002,528 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\$_hpcst$.hpc [2009/12/05 06:50:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009/09/26 15:46:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/26 15:46:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 08:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/05/09 12:28:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/12/25 09:53:35 | 000,025,600 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/08 04:26:34 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008/10/08 04:26:34 | 000,000,189 | ---- | C] () -- C:\Windows\OEM.ini [2008/10/08 03:38:17 | 000,138,405 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008/10/08 03:38:09 | 000,138,405 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/10/08 03:05:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/10/08 02:34:53 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2008/10/08 02:04:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/10/25 10:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,376,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012/10/20 01:56:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013 [2010/04/15 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PC Suite [2011/12/27 13:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\pdfforge [2010/12/28 04:07:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Samsung [2012/10/20 01:52:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TuneUp Software [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/10/20 01:52:47 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Secure Search [2010/11/15 12:26:01 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Security Toolbar [2012/10/20 01:53:50 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2013 [2010/11/05 09:04:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/12/21 11:52:22 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2010/04/15 13:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2012/04/21 14:33:22 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2009/12/31 07:00:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/02/03 12:51:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip [2012/12/21 01:54:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/12/21 11:55:17 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{90CDE50F-0716-4E45-AE05-284A9FF51040}.job ========== Purity Check ========== < End of report > wie gewünscht. hoffe das mit dem code hat so gefunkt. bin leider nur pc user lg [/code] |
24.12.2012, 16:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Wiederhol den Fix unter OTLPE bitte mit diesem Script: Code:
ATTFilter :OTL O4 - HKU\Tom_ON_C..\Run: [compOUTE] File not found O4 - HKU\Tom_ON_C..\Run: [msnmsgr] File not found [2012/12/23 13:58:32 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012/12/23 13:58:08 | 000,003,107 | ---- | M] () -- C:\ProgramData\0tbpw.js [2012/12/23 13:58:08 | 000,000,902 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
__________________ Logfiles bitte immer in CODE-Tags posten |
24.12.2012, 18:31 | #9 |
| GVU Trojaner Code: ========== OTL ========== Registry value HKEY_USERS\Tom_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\compOUTE deleted successfully. Registry value HKEY_USERS\Tom_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully. C:\ProgramData\0tbpw.pad moved successfully. C:\ProgramData\0tbpw.js moved successfully. C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully. OTLPE by OldTimer - Version 3.1.48.0 log created on 12242012_182043 [/code] Hallo, anbei das Logfile. Hat nicht gefunkt. Problem besteht noch immer. lg |
24.12.2012, 19:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Dann brauch ich wieder ein neues OTLPE-Log
__________________ Logfiles bitte immer in CODE-Tags posten |
24.12.2012, 19:43 | #11 |
| GVU Trojaner Code:OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/24/2012 7:35:12 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 123.65 Gb Free Space | 41.48% Space Free | Partition Type: NTFS Drive D: | 29.67 Gb Total Space | 24.90 Gb Free Space | 83.91% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/12/21 11:43:46 | 000,212,480 | ---- | M] () [Auto] -- C:\Users\Tom\AppData\Local\Temp\wpbt0.dll -- (Winmgmt) SRV - [2012/12/14 01:14:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/06 13:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/11/04 03:11:46 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/22 07:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012/10/20 01:51:48 | 000,711,112 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/02/04 23:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService) SRV - [2008/07/10 07:04:14 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2008/04/07 02:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/10/22 07:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2012/10/20 01:51:49 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012/10/14 21:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/10/04 21:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2012/10/01 20:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/09/20 20:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/09/20 20:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2012/09/20 20:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2012/09/13 20:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2010/02/04 23:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF) DRV - [2009/03/31 02:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009/03/20 03:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009/03/20 03:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009/03/20 03:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009/01/13 11:56:06 | 000,346,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008/03/31 08:44:46 | 001,069,608 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2008/03/28 05:04:00 | 007,445,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/03/03 02:12:50 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2007/09/17 08:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/07/17 09:05:04 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/04/11 03:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2007/04/11 03:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Tom_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Tom_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Tom_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\Tom_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\Tom_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/22 12:06:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/05 11:57:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 02:39:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/04 03:11:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/04 03:11:37 | 000,000,000 | ---D | M] [2012/11/04 03:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/11/04 03:11:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/11/04 03:11:47 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/27 14:22:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/10 02:39:35 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/19 23:30:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/27 14:22:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/27 14:22:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/27 14:22:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/27 14:22:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/12/23 19:50:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: Error locating startup folders. O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/12/23 19:50:19 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012/12/23 19:50:13 | 000,000,000 | ---D | C] -- C:\_OTL [2012/12/23 10:38:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/12/21 01:53:16 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/21 01:53:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/12 01:59:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012/12/12 01:59:01 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012/12/12 01:59:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2012/12/12 01:59:00 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012/12/12 01:58:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012/12/12 01:58:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012/12/12 01:44:12 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/12 01:44:10 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/12 01:44:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012/12/12 01:44:04 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012/12/12 01:44:04 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/12 01:44:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/12/12 01:44:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/12/12 01:44:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/12 01:44:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/12 01:44:04 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/12 01:44:03 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/12 01:44:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012/12/12 01:40:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/12/10 00:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files - Modified Within 30 Days ========== [2012/12/24 12:31:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012/12/24 12:30:54 | 000,000,680 | ---- | M] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat [2012/12/24 12:30:53 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{90CDE50F-0716-4E45-AE05-284A9FF51040}.job [2012/12/24 12:26:09 | 000,138,405 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/12/24 12:26:09 | 000,138,405 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/12/24 12:25:55 | 000,003,107 | ---- | M] () -- C:\ProgramData\0tbpw.js [2012/12/24 12:25:55 | 000,000,902 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/24 12:25:48 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/24 12:25:48 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/24 12:25:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/24 12:25:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/24 12:25:16 | 3218,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012/12/21 11:31:48 | 000,025,600 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/21 11:25:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/12/21 11:25:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/21 11:25:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/12/21 11:25:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/21 11:16:24 | 000,376,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/21 01:54:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/16 05:14:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/14 09:03:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/14 01:14:51 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/14 01:14:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/10 00:10:58 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/12/10 00:10:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files Created - No Company Name ========== [2012/12/24 12:30:54 | 000,000,680 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat [2012/12/24 12:25:55 | 000,003,107 | ---- | C] () -- C:\ProgramData\0tbpw.js [2012/12/24 12:25:55 | 000,000,902 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/24 12:25:53 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012/12/23 13:57:16 | 3218,259,968 | -HS- | C] () -- C:\hiberfil.sys [2012/12/12 01:59:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/12 01:59:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2011/12/27 13:18:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/04/15 12:48:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010/04/15 12:48:32 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010/04/15 12:48:18 | 000,002,528 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\$_hpcst$.hpc [2009/12/05 06:50:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009/09/26 15:46:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/26 15:46:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 08:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/05/09 12:28:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/12/25 09:53:35 | 000,025,600 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/08 04:26:34 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008/10/08 04:26:34 | 000,000,189 | ---- | C] () -- C:\Windows\OEM.ini [2008/10/08 03:38:17 | 000,138,405 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008/10/08 03:38:09 | 000,138,405 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/10/08 03:05:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/10/08 02:34:53 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2008/10/08 02:04:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/10/25 10:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,376,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012/10/20 01:56:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013 [2010/04/15 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PC Suite [2011/12/27 13:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\pdfforge [2010/12/28 04:07:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Samsung [2012/10/20 01:52:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TuneUp Software [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/10/20 01:52:47 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Secure Search [2010/11/15 12:26:01 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Security Toolbar [2012/10/20 01:53:50 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2013 [2010/11/05 09:04:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/12/24 12:30:55 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2010/04/15 13:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2012/04/21 14:33:22 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2009/12/31 07:00:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA [2008/12/24 12:45:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/02/03 12:51:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip [2012/12/21 01:54:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/12/24 12:30:53 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{90CDE50F-0716-4E45-AE05-284A9FF51040}.job ========== Purity Check ========== < End of report > anbei das Log |
26.12.2012, 21:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Und wie ein Fix mit OTLPE mit diesem Script: Code:
ATTFilter :OTL SRV - [2012/12/21 11:43:46 | 000,212,480 | ---- | M] () [Auto] -- C:\Users\Tom\AppData\Local\Temp\wpbt0.dll -- (Winmgmt) O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\Tom_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. :Files C:\ProgramData\0tbpw.pad C:\ProgramData\0tbpw.js C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk C:\Users\Tom\AppData\Local\Temp\wpbt0.dll
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu GVU Trojaner |
abgesicherte, abgesicherten, abgesicherten modus, arten, bitte um hilfe, eigefangen, gen, gvu trojaner, meldung, modus, nicht mehr, starte, starten, troja, trojane, trojaner |