How do I remove the GVU Trojan? (Windows 7)
11.06.2013, 19:47 | #1

Hi all, unfortunately I have had a virus since today; as I found out from some research, it is the so-called GVU Trojan. My laptop only shows the image of the "Gesellschaft zur Verfügung von Urheberrechtsverletzung e.V.". On top of that there is even a picture of me on it, scary. My question: how do I get rid of it? Here is my OTL logfile to start with. Thanks in advance.

OTL logfile created on: 11.06.2013 20:37:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\karinmarc\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

984,60 Mb Total Physical Memory | 101,19 Mb Available Physical Memory | 10,28% Memory free
1,96 Gb Paging File | 1,11 Gb Available in Paging File | 56,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,67 Gb Total Space | 129,23 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,54 Gb Free Space | 97,68% Space Free | Partition Type: NTFS
Drive E: | 5,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KARINMARC-PC | User Name: karinmarc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.07 14:57:42 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.05.07 16:18:50 | 006,425,984 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2012.11.01 12:35:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karinmarc\Downloads\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2013.05.15 17:52:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 14:30:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.13 14:30:11 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2013.05.13 14:30:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.05.13 14:30:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.05.13 14:30:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.13 14:30:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.04.27 10:51:55 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.12.23 13:08:25 | 000,054,800 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.06.26 00:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {7C330050-6BE3-450A-9ECC-E81F45A3919F}
IE - HKCU\..\SearchScopes,DefaultScope = {7C330050-6BE3-450A-9ECC-E81F45A3919F}
IE - HKCU\..\SearchScopes\{7C330050-6BE3-450A-9ECC-E81F45A3919F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012.10.26 16:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\System32\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\karinmarc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62197E85-84AE-4249-86CA-DBE422890DB0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.11 19:19:32 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.06.11 19:19:31 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.06.11 19:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.11 19:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.27 09:36:13 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\Desktop\LMZ
[2013.05.15 21:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRD
[2013.05.15 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PRD
[2013.05.13 17:41:59 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\AppData\Roaming\Avira
[2013.05.13 17:38:10 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.13 17:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.13 17:36:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.13 17:35:58 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.13 17:35:58 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.13 17:35:57 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.13 17:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.13 17:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.13 13:42:40 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\windows\System32\TURegOpt.exe
[2013.05.13 13:42:39 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\System32\authuitu.dll
[2013.05.13 13:42:20 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2013.05.13 13:41:49 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\AppData\Roaming\TuneUp Software
[2013.05.13 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2013.05.13 13:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.05.13 13:38:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.05.13 13:38:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.11 19:19:32 | 000,002,254 | ---- | M] () -- C:\Users\karinmarc\Desktop\SpyHunter.lnk
[2013.06.11 19:15:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.11 19:14:55 | 774,316,032 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 19:12:50 | 000,000,004 | ---- | M] () -- C:\Users\karinmarc\AppData\Roaming\skype.ini
[2013.06.11 19:02:47 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 09:51:55 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 09:51:54 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 14:57:39 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013.06.05 07:42:21 | 000,701,108 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.05 07:42:21 | 000,662,950 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.05 07:42:21 | 000,147,762 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.05 07:42:21 | 000,124,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.04 21:56:28 | 000,005,454 | ---- | M] () -- C:\Users\karinmarc\.recently-used.xbel
[2013.05.17 11:04:06 | 000,438,800 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.15 21:14:14 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk
[2013.05.13 17:37:54 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.13 17:36:21 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.13 14:30:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.13 14:30:57 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.13 14:30:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.13 14:30:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.11 19:19:32 | 000,002,254 | ---- | C] () -- C:\Users\karinmarc\Desktop\SpyHunter.lnk
[2013.06.11 11:43:58 | 000,000,004 | ---- | C] () -- C:\Users\karinmarc\AppData\Roaming\skype.ini
[2013.06.07 14:57:39 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013.06.04 21:56:28 | 000,005,454 | ---- | C] () -- C:\Users\karinmarc\.recently-used.xbel
[2013.05.15 21:14:14 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk
[2013.05.13 17:36:21 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.13 13:42:20 | 000,002,169 | ---- | C] () -- C:\Users\karinmarc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\windows\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\windows\System32\drivers\EsgScanner.sys
[2012.01.11 22:48:21 | 000,069,120 | ---- | C] () -- C:\Users\karinmarc\AppData\Roaming\skype.dat
[2011.02.18 17:04:54 | 000,015,872 | ---- | C] () -- C:\Users\karinmarc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.03 21:01:35 | 000,071,773 | ---- | C] () -- C:\Users\karinmarc\AppData\Roaming\mdbu.bin
[2010.08.17 18:24:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.09 22:31:04 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.04.23 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Audacity
[2013.04.02 20:11:23 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Daiwi
[2012.04.21 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\DVDVideoSoft
[2012.04.21 20:39:58 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.31 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\EasyCapture
[2012.07.06 20:29:37 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Eendsoft
[2013.02.26 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\gtk-2.0
[2012.10.26 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\PDFReaderPackages
[2012.10.26 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\SumatraPDF
[2013.05.13 13:41:49 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\TuneUp Software
[2013.04.02 16:40:18 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Ucqyu
[2013.03.23 10:37:10 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Ynha

========== Purity Check ==========

< End of report >
11.06.2013, 19:52 | #2
/// the machine /// (TB-Ausbilder)

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
11.06.2013, 20:39 | #3

FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-06-2013 03
Ran by SYSTEM on 11-06-2013 21:34:49
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-07-15] ()
HKLM\...\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [x]
HKLM\...\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [GrpConv] grpconv -o [x]
HKU\Default\...\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [ 2009-07-26] (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-05-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-05-13] (Avira Operations GmbH & Co. KG)
S2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [770432 2013-05-07] (Enigma Software Group USA, LLC.)
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-13] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-13] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-13] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1168880 2009-06-25] (Bison Electronics. Inc. )
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2009-12-23] ()
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2010-04-27] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-13] (Avira GmbH)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-11 21:34 - 2013-06-11 21:34 - 00000000 ____D C:\FRST
2013-06-11 10:47 - 2013-06-11 10:47 - 00049446 ____A C:\Users\karinmarc\Downloads\OTL11.06.Txt
2013-06-11 09:19 - 2013-06-11 09:19 - 00002254 ____A C:\Users\karinmarc\Desktop\SpyHunter.lnk
2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\sh4ldr
2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-11 09:17 - 2013-06-11 09:18 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\karinmarc\Downloads\SpyHunter-Installer.exe
2013-06-11 01:43 - 2013-06-11 09:12 - 00000004 ____A C:\Users\karinmarc\AppData\Roaming\skype.ini
2013-06-07 04:57 - 2013-06-07 04:57 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 04:57 - 2013-06-07 04:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-07 04:57 - 2013-06-07 04:57 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-07 04:57 - 2013-06-07 04:57 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-07 04:57 - 2013-06-07 04:57 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-07 04:57 - 2013-06-07 04:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-07 04:57 - 2013-06-07 04:57 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-07 04:57 - 2013-06-07 04:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-07 04:55 - 2013-06-07 05:00 - 00010529 ____A C:\Windows\IE10_main.log
2013-06-04 11:56 - 2013-06-04 11:56 - 00005454 ____A C:\Users\karinmarc\.recently-used.xbel
2013-05-30 09:38 - 2013-06-11 09:02 - 00003472 ____A C:\Windows\setupact.log
2013-05-26 23:36 - 2013-06-10 11:12 - 00000000 ____D C:\Users\karinmarc\Desktop\LMZ
2013-05-16 05:34 - 2013-04-09 21:18 - 00728424 ____A (Microsoft Corporation)
C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-16 05:34 - 2013-04-09 21:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-16 05:34 - 2013-04-09 19:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-16 05:34 - 2013-03-18 20:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-16 05:34 - 2013-03-18 19:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-16 05:32 - 2013-02-26 21:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-16 05:32 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-16 05:32 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-16 05:32 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-16 05:32 - 2013-02-26 20:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 11:14 - 2013-05-15 11:14 - 00002189 ____A C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk 2013-05-15 11:13 - 2013-05-15 11:13 - 00000000 ____D C:\ProgramData\PRD 2013-05-13 07:41 - 2013-05-13 07:41 - 00000000 ____D C:\Users\karinmarc\AppData\Roaming\Avira 2013-05-13 07:38 - 2013-05-13 07:37 - 00066656 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys 2013-05-13 07:36 - 2013-05-13 07:36 - 00001940 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-05-13 07:36 - 2013-05-13 04:30 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys 2013-05-13 07:35 - 2013-05-13 07:35 - 00000000 ____D C:\ProgramData\Avira 2013-05-13 07:35 - 2013-05-13 07:35 - 00000000 ____D C:\Program Files\Avira 2013-05-13 07:35 - 2013-05-13 04:30 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-05-13 07:35 - 2013-05-13 04:30 - 00084744 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-05-13 07:35 - 2013-05-13 04:30 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-05-13 03:42 - 2012-05-29 03:09 - 00031584 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe 2013-05-13 03:42 - 2012-05-29 03:09 - 00021344 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll 2013-05-13 03:41 - 2013-06-09 03:47 - 00000000 ____D C:\Program Files\TuneUp Utilities 2012 2013-05-13 03:41 - 2013-05-13 03:41 - 00000000 ____D C:\Users\karinmarc\AppData\Roaming\TuneUp Software 2013-05-13 03:38 - 2013-05-13 03:42 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-05-13 03:38 - 2013-05-13 03:38 - 00000000 __SHD C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2013-05-13 03:37 - 2013-05-13 03:37 - 27565488 ____A (TuneUp Software) C:\Users\karinmarc\Downloads\TuneUpUtilities2012_de-DE.exe ==================== One Month Modified Files and Folders ======== 2013-06-11 21:34 - 2013-06-11 21:34 - 00000000 ____D C:\FRST 2013-06-11 10:47 - 2013-06-11 10:47 - 00049446 ____A C:\Users\karinmarc\Downloads\OTL11.06.Txt 2013-06-11 10:42 - 2012-11-01 02:48 - 00049446 ____A C:\Users\karinmarc\Downloads\OTL.Txt 2013-06-11 09:19 - 2013-06-11 09:19 - 00002254 ____A C:\Users\karinmarc\Desktop\SpyHunter.lnk 2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP 2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\sh4ldr 2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-11 09:19 - 2013-06-11 09:19 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-06-11 09:18 - 2013-06-11 09:17 - 00728960 ____A (Enigma Software Group USA, LLC.) 
C:\Users\karinmarc\Downloads\SpyHunter-Installer.exe 2013-06-11 09:12 - 2013-06-11 01:43 - 00000004 ____A C:\Users\karinmarc\AppData\Roaming\skype.ini 2013-06-11 09:02 - 2013-05-30 09:38 - 00003472 ____A C:\Windows\setupact.log 2013-06-11 09:02 - 2012-04-23 22:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-11 09:02 - 2009-12-23 03:00 - 01441469 ____A C:\Windows\WindowsUpdate.log 2013-06-10 23:51 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-10 23:51 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-10 23:44 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-10 11:12 - 2013-05-26 23:36 - 00000000 ____D C:\Users\karinmarc\Desktop\LMZ 2013-06-10 01:14 - 2012-10-23 12:17 - 00000000 ____D C:\Users\karinmarc\Desktop\Prüfungen,zusammenfassungen,schriftliche Arbeit 2013-06-09 03:48 - 2010-04-25 03:41 - 00000000 ____D C:\Program Files\Sony 2013-06-09 03:47 - 2013-05-13 03:41 - 00000000 ____D C:\Program Files\TuneUp Utilities 2012 2013-06-09 03:46 - 2010-04-01 00:36 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-06-09 03:46 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore 2013-06-08 04:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-07 05:00 - 2013-06-07 04:55 - 00010529 ____A C:\Windows\IE10_main.log 2013-06-07 04:57 - 2013-06-07 04:57 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-07 04:57 - 2013-06-07 04:57 - 02046976 ____A 
(Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-07 04:57 - 2013-06-07 04:57 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-07 04:57 - 2013-06-07 04:57 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-07 04:57 - 2013-06-07 04:57 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00185344 ____A (Microsoft 
Corporation) C:\Windows\System32\elshyph.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-07 04:57 - 2013-06-07 04:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00048640 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtmler.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-07 04:57 - 2013-06-07 04:57 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-07 04:57 - 2013-06-07 04:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-06 11:13 - 2012-04-18 10:22 - 00000000 ____D C:\ProgramData\firebird 2013-06-04 21:42 - 2009-11-16 04:06 - 01629916 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-04 12:27 - 2010-04-19 11:37 - 00000000 ____D C:\Users\karinmarc\.gimp-2.6 2013-06-04 12:08 - 2012-12-26 12:42 - 00000000 ____D C:\Users\karinmarc\Desktop\Ronja Räubertochter 2013-06-04 11:56 - 2013-06-04 11:56 - 00005454 ____A C:\Users\karinmarc\.recently-used.xbel 2013-06-04 11:56 - 2010-03-31 08:06 - 00000000 ____D C:\users\karinmarc 2013-05-30 09:09 - 2009-11-16 04:09 - 00000000 ____D C:\Program Files\Lenovo 2013-05-30 09:04 - 2010-08-09 12:30 - 00000000 ____D C:\Program Files\Elaborate Bytes 2013-05-30 09:04 - 2010-04-01 00:55 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-05-30 09:04 - 2010-04-01 00:55 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-05-30 09:02 - 2010-08-24 12:27 - 00000000 ____D C:\Windows\Minidump 2013-05-30 08:50 - 2009-12-23 03:11 - 23923828 ____A C:\FaceProv.log 2013-05-26 23:40 - 2010-03-31 08:08 - 00116520 ____A 
C:\Users\karinmarc\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-17 01:45 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-05-17 01:04 - 2009-07-13 20:33 - 00438800 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-17 00:43 - 2009-11-16 04:01 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-17 00:16 - 2010-04-05 00:07 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-15 11:14 - 2013-05-15 11:14 - 00002189 ____A C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk 2013-05-15 11:13 - 2013-05-15 11:13 - 00000000 ____D C:\ProgramData\PRD 2013-05-15 07:52 - 2012-04-23 22:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-05-15 07:52 - 2011-08-18 10:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-05-14 06:23 - 2010-03-31 08:06 - 00000000 ____D C:\Users\karinmarc\AppData\Local\VirtualStore 2013-05-13 07:41 - 2013-05-13 07:41 - 00000000 ____D C:\Users\karinmarc\AppData\Roaming\Avira 2013-05-13 07:37 - 2013-05-13 07:38 - 00066656 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys 2013-05-13 07:36 - 2013-05-13 07:36 - 00001940 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-05-13 07:35 - 2013-05-13 07:35 - 00000000 ____D C:\ProgramData\Avira 2013-05-13 07:35 - 2013-05-13 07:35 - 00000000 ____D C:\Program Files\Avira 2013-05-13 04:30 - 2013-05-13 07:36 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys 2013-05-13 04:30 - 2013-05-13 07:35 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-05-13 04:30 - 2013-05-13 07:35 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-05-13 04:30 - 2013-05-13 07:35 - 00037352 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-05-13 03:42 - 2013-05-13 03:38 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-05-13 03:41 - 2013-05-13 03:41 - 00000000 ____D C:\Users\karinmarc\AppData\Roaming\TuneUp Software 2013-05-13 03:38 - 2013-05-13 03:38 - 00000000 __SHD C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2013-05-13 03:37 - 2013-05-13 03:37 - 27565488 ____A (TuneUp Software) C:\Users\karinmarc\Downloads\TuneUpUtilities2012_de-DE.exe ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52 Files to move or delete: ==================== C:\Users\karinmarc\AppData\Roaming\skype.dat C:\Users\karinmarc\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-17 00:10:10 Restore point made on: 2013-05-21 09:02:20 Restore point made on: 2013-05-30 09:05:08 Restore point made on: 2013-05-30 09:07:09 Restore point made on: 2013-05-30 09:10:47 Restore point made on: 2013-06-04 11:50:06 Restore point made on: 2013-06-07 04:55:04 Restore point made on: 2013-06-09 03:28:46 Restore point made on: 2013-06-09 03:45:39 Restore point made on: 2013-06-09 03:47:13 Restore point made on: 2013-06-09 04:18:20 Restore point made on: 2013-06-09 04:59:30 ==================== Memory 
info =========================== Percentage of memory in use: 41% Total physical RAM: 984.6 MB Available physical RAM: 575.14 MB Total Pagefile: 984.6 MB Available Pagefile: 578.74 MB Total Virtual: 2047.88 MB Available Virtual: 1932.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:187.67 GB) (Free:129.17 GB) NTFS Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.54 GB) NTFS Drive f: (Ronja Räubertochter) (CDROM) (Total:5.93 GB) (Free:0 GB) UDF Drive g: () (Removable) (Total:3.73 GB) (Free:1.89 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2051D46A) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=188 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 04030201) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2013-05-14 09:06 ==================== End Of Log ============================ --- --- --- |
12.06.2013, 06:43 | #4 |
/// the machine /// TB-Ausbilder | How to remove the GVU Trojan? Please press the Windows + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
2013-06-11 01:43 - 2013-06-11 09:12 - 00000004 ____A C:\Users\karinmarc\AppData\Roaming\skype.ini
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52
C:\Users\karinmarc\AppData\Roaming\skype.dat
C:\Users\karinmarc\AppData\Roaming\skype.ini
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.06.2013, 07:59 | #5 |
| How to remove the GVU Trojan? Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-06-2013 03
Ran by SYSTEM at 2013-06-12 08:57:32 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

C:\Users\karinmarc\AppData\Roaming\skype.ini => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52 => Moved successfully.
C:\Users\karinmarc\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\karinmarc\AppData\Roaming\skype.ini => File/Directory not found.

==== End of Fixlog ====
|
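An added example, not part of the thread or of FRST: a small Python check that pairs the fixlist from post #4 with the Fixlog from post #5 and reports, per target, what FRST did. The fixlist and Fixlog line formats are inferred from the lines quoted in the thread (an assumption), and the duplicate skype.ini entry is what produces the "File/Directory not found" result on the second pass.

```python
"""Cross-check an FRST fixlist against the Fixlog it produced.

Added example for this thread, not part of FRST or of any post here. Line
formats are inferred from what the thread quotes (an assumption): a fixlist
line is a bare path, "ZeroAccess: <path>", or a copied "One Month Created"
entry "<created> - <modified> - <size> <attrs> [(<company>)] <path>"; a
Fixlog result line is "<path> => <result>.". Other directives are ignored.
"""
import re
from collections import Counter

# Constructed sample: the fixlist quoted in post #4 and the Fixlog from post #5.
FIXLIST = r"""
2013-06-11 01:43 - 2013-06-11 09:12 - 00000004 ____A C:\Users\karinmarc\AppData\Roaming\skype.ini
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52
C:\Users\karinmarc\AppData\Roaming\skype.dat
C:\Users\karinmarc\AppData\Roaming\skype.ini
"""

FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-06-2013 03
Boot Mode: Recovery
==============================================
C:\Users\karinmarc\AppData\Roaming\skype.ini => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52 => Moved successfully.
C:\Users\karinmarc\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\karinmarc\AppData\Roaming\skype.ini => File/Directory not found.
==== End of Fixlog ====
"""

# "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} [_A-Z]{5} (?:\([^)]*\) )?(?P<path>.+)$"
)
# "<path> => <result>."  (trailing period dropped from the result)
RESULT_RE = re.compile(r"^(?P<path>.+?) => (?P<result>.+?)\.?$")


def fixlist_targets(text):
    """Return the file-system path each fixlist line asks FRST to act on."""
    targets = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = ENTRY_RE.match(line)
        if m:                              # copied "One Month Created" entry
            targets.append(m.group("path"))
            continue
        label, sep, rest = line.partition(": ")
        if sep and "\\" not in label:      # "ZeroAccess: <path>" finding
            targets.append(rest.strip())
        else:
            targets.append(line)           # bare path
    return targets


def fixlog_results(text):
    """Return (path, result) for every "<path> => <result>." line."""
    out = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            out.append((m.group("path"), m.group("result")))
    return out


def reconcile(fixlist, fixlog):
    """Pair fixlist targets with Fixlog results positionally.

    FRST works through the fixlist top to bottom and writes one result line
    per directive; path_match flags any drift between the two. A path listed
    twice (skype.ini here) is moved once and then reported as not found.
    """
    targets = fixlist_targets(fixlist)
    results = fixlog_results(fixlog)
    pairs = []
    for i, target in enumerate(targets):
        path, result = results[i] if i < len(results) else (None, "no result line")
        pairs.append({"target": target, "result": result,
                      "path_match": path is not None and path.lower() == target.lower()})
    for path, result in results[len(targets):]:   # results with no fixlist line
        pairs.append({"target": path, "result": result, "path_match": False})
    return pairs


def summarize(pairs):
    """Counts a helper would eyeball before telling the user to reboot."""
    counts = Counter(p["target"] for p in pairs if p["path_match"])
    return {
        "moved": sum(p["result"] == "Moved successfully" for p in pairs),
        "not_found": sum(p["result"] == "File/Directory not found" for p in pairs),
        "mismatched": [p["target"] for p in pairs if not p["path_match"]],
        "duplicates": sorted(t for t, n in counts.items() if n > 1),
    }


if __name__ == "__main__":
    pairs = reconcile(FIXLIST, FIXLOG)
    for p in pairs:
        flag = "" if p["path_match"] else "  <-- path mismatch"
        print(f"{p['result']:<26} {p['target']}{flag}")
    print(summarize(pairs))
```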
12.06.2013, 12:02 | #6 |
/// the machine /// TB-Ausbilder | How to remove the GVU Trojan? Can you boot the computer normally?
|
12.06.2013, 12:23 | #7 |
| How to remove the GVU Trojan? Is that already it? It does start normally, and it runs. Is everything else clean? And does anyone know where this virus came from? Many, many thanks already!! |
12.06.2013, 15:03 | #8 |
/// the machine /// TB-Ausbilder | How to remove the GVU Trojan? No, we are not done yet. From now on, do all work in normal Windows. Please download OTL again and run it, then post the log file.
__________________ regards, schrauber |
12.06.2013, 15:23 | #9 |
| How to remove the GVU Trojan? Code:
OTL logfile created on: 12.06.2013 16:10:56 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\karinmarc\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

984,60 Mb Total Physical Memory | 243,61 Mb Available Physical Memory | 24,74% Memory free
1,96 Gb Paging File | 0,95 Gb Available in Paging File | 48,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,67 Gb Total Space | 128,99 Gb Free Space | 68,73% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,54 Gb Free Space | 97,68% Space Free | Partition Type: NTFS
Drive E: | 5,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KARINMARC-PC | User Name: karinmarc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.13 14:30:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.13 14:30:15 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.13 14:30:11 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.13 14:30:10 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.01 12:35:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karinmarc\Downloads\OTL.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.08.12 10:09:32 | 000,683,576 | ---- | M] (Conexant Systems, Inc) -- C:\Programme\CONEXANT\SAII\SmartAudio.exe
PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.17 11:07:49 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.17 11:07:22 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 11:07:10 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.17 11:06:53 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.17 11:06:47 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.16 10:56:30 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013.02.16 10:55:47 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.11 16:20:01 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.01.10 22:40:51 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 22:40:01 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 22:38:16 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 22:37:46 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 22:37:38 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 22:37:29 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

========== Services (SafeList) ==========

SRV - [2013.05.15 17:52:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 14:30:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.13 14:30:11 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2013.05.13 14:30:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.05.13 14:30:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.05.13 14:30:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.13 14:30:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.04.27 10:51:55 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.12.23 13:08:25 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.06.26 00:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {7C330050-6BE3-450A-9ECC-E81F45A3919F} IE - HKCU\..\SearchScopes,DefaultScope = {7C330050-6BE3-450A-9ECC-E81F45A3919F} IE - HKCU\..\SearchScopes\{7C330050-6BE3-450A-9ECC-E81F45A3919F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.10.26 16:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\karinmarc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62197E85-84AE-4249-86CA-DBE422890DB0}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.12 07:34:39 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.11 19:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.11 19:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.05.27 09:36:13 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\Desktop\LMZ [2013.05.15 21:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRD [2013.05.15 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PRD [2013.05.13 17:41:59 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\AppData\Roaming\Avira [2013.05.13 17:38:10 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.13 17:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.13 17:36:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.13 17:35:58 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.13 17:35:58 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.13 17:35:57 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.13 17:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.13 17:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.12 16:10:10 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.12 16:09:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.12 13:26:03 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 13:26:03 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 13:16:21 | 774,316,032 | -HS- | M] () -- C:\hiberfil.sys [2013.06.07 14:57:39 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf [2013.06.05 07:42:21 | 000,701,108 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.05 07:42:21 | 000,662,950 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.05 07:42:21 | 000,147,762 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.05 07:42:21 | 000,124,144 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.04 21:56:28 | 000,005,454 | ---- | M] () -- C:\Users\karinmarc\.recently-used.xbel [2013.05.17 11:04:06 | 000,438,800 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.15 21:14:14 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk [2013.05.13 17:37:54 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.13 17:36:21 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.07 14:57:39 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2013.06.04 21:56:28 | 
000,005,454 | ---- | C] () -- C:\Users\karinmarc\.recently-used.xbel [2013.05.15 21:14:14 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk [2013.05.13 17:36:21 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.02.18 17:04:54 | 000,015,872 | ---- | C] () -- C:\Users\karinmarc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.03 21:01:35 | 000,071,773 | ---- | C] () -- C:\Users\karinmarc\AppData\Roaming\mdbu.bin [2010.08.17 18:24:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.09 22:31:04 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52\n. 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.04.23 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Audacity [2013.04.02 20:11:23 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Daiwi [2012.04.21 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\DVDVideoSoft [2012.04.21 20:39:58 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.31 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\EasyCapture [2012.07.06 20:29:37 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Eendsoft [2013.02.26 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\gtk-2.0 [2012.10.26 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\PDFReaderPackages [2012.10.26 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\SumatraPDF [2013.05.13 13:41:49 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\TuneUp Software [2013.04.02 16:40:18 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Ucqyu [2013.03.23 10:37:10 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Ynha ========== Purity Check ========== < End of report > |
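The "ZeroAccess Check" section of the OTL log above is the part of the report that actually shows the hijack: a per-user CLSID under HKEY_CURRENT_USER\Software\Classes\clsid whose InProcServer32 default value points into C:\$Recycle.Bin, a second per-user CLSID that shadows the HKLM registration of a shell32 CLSID, an AppInit_DLLs value (loaded into every user32-linked process) and orphaned "File not found" driver entries. As an added example that is not code from the thread, from OTL or from any of the tools mentioned, the Python below reads OTL-style lines and flags those indicators. The sample lines are copied from the log above; the finding names and severity labels are my own choices, not OTL's.

```python
import re
from typing import Dict, List, Optional, Tuple

# Sample lines taken from the OTL log in this thread (values as posted there).
SAMPLE_OTL_LINES = [
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)",
    r"DRV - [2013.05.13 14:30:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)",
    r"O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]",
    r'"ThreadingModel" = Both',
    r'"" = C:\$Recycle.Bin\S-1-5-21-3508115285-3927607865-4197888768-1003\$1edae7e152561aaadab148fb9fbb8e52\n.',
    r"[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]",
    r'"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)',
    r'"ThreadingModel" = Apartment',
]

# Driver service whose image file no longer exists on disk.
RE_DRV_MISSING = re.compile(r"^DRV - File not found .* -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
# Any non-empty AppInit_DLLs value; the DLL list is inside the parentheses.
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>[^)]*)\)(?P<rest>.*)$")
# InProcServer32 key header under either hive (OTL prints these in the ZeroAccess Check).
RE_KEY = re.compile(
    r"^\[(?P<hive>HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(?P<clsid>\{[0-9a-f-]+\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# Default value of the current key; OTL appends " -- [timestamp ...]" when the file exists.
RE_DEFAULT_VALUE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[.*)?$')

Finding = Dict[str, str]
KeyId = Tuple[str, str]  # (hive, clsid lower-cased)


def analyze_otl(lines: List[str]) -> List[Finding]:
    """Return a list of findings for the indicator patterns named above."""
    findings: List[Finding] = []
    inproc: Dict[KeyId, Optional[str]] = {}  # key -> default value path (None if not listed)
    current: Optional[KeyId] = None

    for raw in lines:
        line = raw.strip()
        m = RE_KEY.match(line)
        if m:
            current = (m.group("hive").upper(), m.group("clsid").lower())
            inproc.setdefault(current, None)
            continue
        if line.startswith('"') and current is not None:
            m = RE_DEFAULT_VALUE.match(line)
            if m:
                inproc[current] = m.group("path")
            continue  # other named values (ThreadingModel) are not needed here
        current = None  # any other line ends the registry key block

        m = RE_DRV_MISSING.match(line)
        if m:
            findings.append({"severity": "low", "kind": "orphaned_driver",
                             "detail": f"{m.group('name')} -> {m.group('path')}"})
            continue
        m = RE_APPINIT.match(line)
        if m and m.group("dlls").strip():
            findings.append({"severity": "high", "kind": "appinit_dll",
                             "detail": m.group("dlls")})

    # Per-user COM registrations are consulted before HKLM, so a HKCU InProcServer32
    # that points at a file in the recycle bin, or that shadows a machine-wide CLSID,
    # is the classic pattern behind this log's ZeroAccess Check section.
    for (hive, clsid), path in inproc.items():
        if hive != "HKEY_CURRENT_USER":
            continue
        if path and "$recycle.bin" in path.lower():
            findings.append({"severity": "critical", "kind": "com_hijack_recycle_bin",
                             "detail": f"{clsid} -> {path}"})
        elif ("HKEY_LOCAL_MACHINE", clsid) in inproc:
            findings.append({"severity": "high", "kind": "com_clsid_shadowed",
                             "detail": clsid})
    return findings


if __name__ == "__main__":
    for f in analyze_otl(SAMPLE_OTL_LINES):
        print(f"[{f['severity']:8}] {f['kind']}: {f['detail']}")
```

Feeding the whole OTL report in line by line works the same way; the script only reads text and touches nothing on the machine, so it is safe to run against a log posted by someone else before deciding which cleanup tool to recommend.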
12.06.2013, 15:50 | #10 | |
/// the machine /// TB-Ausbilder | How do I remove the GVU trojan? Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.06.2013, 16:12 | #11 |
| How do I remove the GVU trojan? Code:
ATTFilter ComboFix 13-06-08.02 - karinmarc 12.06.2013 16:58:01.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.985.116 [GMT 2:00] ausgeführt von:: c:\users\karinmarc\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 )))))))))))))))))))))))))))))) . . 2013-06-12 15:05 . 2013-06-12 15:06 -------- d-----w- c:\users\karinmarc\AppData\Local\temp 2013-06-12 15:05 . 2013-06-12 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-12 05:34 . 2013-06-12 05:34 -------- d-----w- C:\FRST 2013-06-11 17:19 . 2013-06-11 17:19 -------- d-----w- c:\program files\Enigma Software Group 2013-06-11 17:19 . 2013-06-12 11:32 -------- d-----w- c:\windows\4941BFEB62C047A2801E998FC469CC2C.TMP 2013-06-11 17:19 . 2013-06-11 17:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2013-06-08 12:04 . 2013-06-08 12:04 -------- d-----w- c:\windows\system32\wbem\en-US 2013-05-16 13:34 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-16 13:34 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-16 13:34 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 13:34 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 13:34 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 13:32 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-16 13:32 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-16 13:32 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 19:13 . 2013-05-15 19:13 -------- d-----w- c:\programdata\PRD 2013-05-13 15:41 . 
2013-05-13 15:41 -------- d-----w- c:\users\karinmarc\AppData\Roaming\Avira 2013-05-13 15:38 . 2013-05-13 15:37 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-13 15:35 . 2013-05-13 12:30 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-05-13 15:35 . 2013-05-13 12:30 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-05-13 15:35 . 2013-05-13 12:30 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-05-13 15:35 . 2013-05-13 15:35 -------- d-----w- c:\programdata\Avira 2013-05-13 15:35 . 2013-05-13 15:35 -------- d-----w- c:\program files\Avira . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 15:52 . 2012-04-24 06:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-15 15:52 . 2011-08-18 18:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2010-06-04 13:40 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-16 13:34 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 13:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 14:47 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 03:08 . 2013-05-12 20:24 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C77DBAE-C708-48C9-BFF9-5F83A80F5381}\mpengine.dll 2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr 2013-03-19 05:04 . 2013-04-10 16:38 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 16:38 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 16:38 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 16:38 69632 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768] "UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288] "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Users^karinmarc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\karinmarc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240] R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888] R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088] R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192] R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400] R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-27 722416] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-05-13 37352] S1 funfrm;funfrm; [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-05-13 86752] S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152] S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys 
[2012-05-08 10064] S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP . Inhalt des "geplante Tasks" Ordners . 2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 15:52] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to Mp3 Converter - c:\users\karinmarc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-VeriFaceManager - c:\program files\Lenovo\VeriFace\PManage.exe AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-12 17:08:20 ComboFix-quarantined-files.txt 2013-06-12 15:08 . Vor Suchlauf: 8 Verzeichnis(se), 138.512.236.544 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 138.138.673.152 Bytes frei . - - End Of File - - 2043A695F7E675521447E10FC08588B4 A36C5E4F47E84449FF07ED3517B43A31 |
12.06.2013, 19:37 | #12 |
/// the machine /// TB-Ausbilder | How do I remove the GVU trojan? Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh OTL log, please. Any remaining problems?
|
13.06.2013, 08:31 | #13 |
| How do I remove the GVU trojan? Code:
ATTFilter # AdwCleaner v2.303 - Datei am 13/06/2013 um 09:24:30 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : karinmarc - KARINMARC-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\karinmarc\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\karinmarc\AppData\Roaming\dvdvideosoftiehelpers ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\f57dcdfb239ee47 Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Schlüssel Gelöscht : HKLM\SOFTWARE\f57dcdfb239ee47 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [9567 octets] - [02/11/2012 20:19:24] AdwCleaner[S1].txt - [9270 octets] - [05/11/2012 21:12:31] AdwCleaner[S2].txt - [3227 octets] - [13/06/2013 09:24:30] ########## EOF - C:\AdwCleaner[S2].txt - [3287 octets] ########## JRL Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x86 Ran by karinmarc on 13.06.2013 at 9:35:03,71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\windows\system32\turegopt.exe" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13.06.2013 at 9:37:26,13 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=41e93ddf1d9f0a42a3c57b781a64ccfb
# engine=14059
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-13 08:53:22
# local_time=2013-06-13 10:53:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 5499 192411000 0 0
# compatibility_mode=5893 16776574 100 94 2723324 122744793 0 0
# scanned=177534
# found=2
# cleaned=0
# scan_time=4062
sh=9CFC7C0CB34A8A0265982AAF810F294EF31C9C81 ft=1 fh=3d9aebcff489c9ff vn="a variant of Win32/Kryptik.BDII trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=5EA8D49B79EEC0DD3A5C512D4AC9D256EEB8D110 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OOB trojan" ac=I fn="C:\Users\karinmarc\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6b55cdf4-46c8a4f2"
How to proceed?

Last edited by eric_oiseau (13.06.2013 at 08:39) |
13.06.2013, 11:08 | #14 |
/// the machine /// TB-Ausbilder | How to remove the GVU trojan? Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart; please allow it. Fresh OTL log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.06.2013, 15:05 | #15 |
| How to remove the GVU trojan? The only problem I noticed was simply the original problem; otherwise everything runs great. Or how does it look in the logfile? Code:
ATTFilter OTL logfile created on: 13.06.2013 15:52:28 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\karinmarc\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 984,60 Mb Total Physical Memory | 387,07 Mb Available Physical Memory | 39,31% Memory free 1,96 Gb Paging File | 1,09 Gb Available in Paging File | 55,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 187,67 Gb Total Space | 128,31 Gb Free Space | 68,37% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 29,54 Gb Free Space | 97,68% Space Free | Partition Type: NTFS Drive E: | 5,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: KARINMARC-PC | User Name: karinmarc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.13 14:30:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.05.13 14:30:15 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.05.13 14:30:11 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.05.13 14:30:10 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.01 12:35:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karinmarc\Downloads\OTL.exe PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2013.05.15 17:52:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.13 14:30:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.05.13 14:30:11 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP) SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS) SRV - [2009.07.14 
16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KARINM~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.05.13 14:30:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.05.13 14:30:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.05.13 14:30:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.05.13 14:30:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.04.27 10:51:55 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.12.23 13:08:25 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm) DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0) DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror) DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2009.06.26 00:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {7C330050-6BE3-450A-9ECC-E81F45A3919F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{7C330050-6BE3-450A-9ECC-E81F45A3919F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.10.26 16:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\karinmarc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62197E85-84AE-4249-86CA-DBE422890DB0}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 09:34:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.06.13 09:34:31 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.12 17:08:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.12 17:08:23 | 000,000,000 | ---D | C] -- C:\windows\temp [2013.06.12 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\AppData\Local\temp [2013.06.12 16:56:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.06.12 16:56:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.06.12 16:56:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.06.12 16:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.12 16:55:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.06.12 07:34:39 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.11 19:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.11 19:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.05.27 09:36:13 | 000,000,000 | ---D | C] -- C:\Users\karinmarc\Desktop\LMZ [2013.05.15 21:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRD [2013.05.15 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PRD ========== Files - Modified Within 30 Days ========== [2013.06.13 15:52:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.13 
15:42:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.13 11:41:35 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 11:41:35 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 11:33:04 | 774,316,032 | -HS- | M] () -- C:\hiberfil.sys [2013.06.07 14:57:39 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf [2013.06.05 07:42:21 | 000,701,108 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.05 07:42:21 | 000,662,950 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.05 07:42:21 | 000,147,762 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.05 07:42:21 | 000,124,144 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.04 21:56:28 | 000,005,454 | ---- | M] () -- C:\Users\karinmarc\.recently-used.xbel [2013.05.17 11:04:06 | 000,438,800 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.15 21:14:14 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk ========== Files Created - No Company Name ========== [2013.06.12 16:56:01 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.06.12 16:56:01 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.06.12 16:56:01 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.06.12 16:56:01 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.06.12 16:56:01 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.06.07 14:57:39 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2013.06.04 21:56:28 | 000,005,454 | ---- | C] () -- C:\Users\karinmarc\.recently-used.xbel [2013.05.15 21:14:14 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Small- und XL-Talker-Emulation Pro 5.09.lnk [2011.02.18 17:04:54 | 000,015,872 | ---- | C] () -- 
C:\Users\karinmarc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.03 21:01:35 | 000,071,773 | ---- | C] () -- C:\Users\karinmarc\AppData\Roaming\mdbu.bin [2010.08.17 18:24:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.09 22:31:04 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.04.23 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Audacity [2013.04.02 20:11:23 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Daiwi [2012.04.21 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\DVDVideoSoft [2010.03.31 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\EasyCapture [2012.07.06 20:29:37 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Eendsoft [2013.02.26 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\gtk-2.0 [2012.10.26 16:01:03 | 
000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\PDFReaderPackages [2012.10.26 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\SumatraPDF [2013.05.13 13:41:49 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\TuneUp Software [2013.04.02 16:40:18 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Ucqyu [2013.03.23 10:37:10 | 000,000,000 | ---D | M] -- C:\Users\karinmarc\AppData\Roaming\Ynha ========== Purity Check ========== < End of report > |