
Log Analysis and Evaluation: GVU Trojan on a Windows 7 computer

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.07.2013, 15:19   #1
hansi14
 

GVU Trojan on a Windows 7 computer



The GVU Trojan is locking my computer. I ran a scan with OTLPE, and OTL.txt was created. Can someone please help me with what I should do now?
Regards
Hansi


Code:
OTL logfile created on: 7/3/2013 5:00:14 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 12.76 Gb Total Space | 5.30 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive D: | 285.29 Gb Total Space | 173.29 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/09/11 09:32:12 | 000,158,720 | ---- | M] (Total Defense Inc.) [Auto] -- D:\Program Files\CA\SharedComponents\Agent\TDAgent.exe -- (TD Agent Service)
SRV:64bit: - [2012/09/11 03:24:36 | 000,240,640 | ---- | M] (Total Defense, Inc.) [Auto] -- D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\isafe.exe -- (isafe)
SRV:64bit: - [2012/09/11 03:24:32 | 000,413,776 | ---- | M] (Total Defense, Inc.) [Auto] -- D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\ccschedulersvc.exe -- (ccSchedulerSvc)
SRV:64bit: - [2012/09/11 03:24:31 | 000,320,080 | ---- | M] (Total Defense, Inc.) [Auto] -- D:\Program Files\CA\Entitlement\ccprovsp.exe -- (Total Defense Common Elevation Service)
SRV:64bit: - [2012/03/03 01:50:24 | 000,901,632 | ---- | M] (CA) [Auto] -- D:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2011/09/12 16:26:08 | 000,291,656 | ---- | M] (CA) [Auto] -- D:\Program Files\CA\SharedComponents\AMS\win\x64\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/08/24 17:17:34 | 002,279,320 | ---- | M] (Dell Inc.) [Auto] -- D:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2011/07/01 14:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto] -- D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/05/27 18:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto] -- D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 16:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand] -- D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2011/05/13 11:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto] -- D:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/05/13 11:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto] -- D:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/02/08 02:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto] -- D:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/23 15:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/12/23 15:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) Intel(R)
SRV:64bit: - [2010/12/23 15:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/22 01:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto] -- D:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV:64bit: - [2010/02/10 21:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto] -- D:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/10/24 11:20:04 | 001,242,992 | ---- | M] (RealVNC Ltd.) [Auto] -- D:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/26 01:25:36 | 000,389,632 | ---- | M] (Apple Inc.) [Auto] -- D:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe -- (RIM MDNS)
SRV - [2013/04/26 01:25:18 | 001,235,456 | ---- | M] (Research In Motion Limited) [Auto] -- D:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe -- (RIM Tunnel Service)
SRV - [2013/02/06 06:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand] -- D:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2012/12/14 05:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/09/23 15:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/08 19:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/08 23:46:06 | 002,656,536 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/08/08 23:46:04 | 000,325,912 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/06/07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand] -- D:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011/02/17 10:08:52 | 001,633,280 | ---- | M] () [Auto] -- D:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/22 09:21:26 | 000,104,784 | ---- | M] (Ferrari electronic AG) [Auto] -- D:\Program Files (x86)\Common Files\FFUMS\ffmux32.exe -- (ffmux32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/16 03:39:58 | 000,064,000 | ---- | M] (Oracle Corporation) [Auto] -- D:\oracle\product\10.2.0\client_2\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/26 01:23:00 | 000,017,920 | ---- | M] (Research in Motion Limited) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rimvndis6_AMD64.sys -- (rimvndis)
DRV:64bit: - [2013/02/12 00:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2013/01/03 07:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/12/10 09:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/03/03 01:55:04 | 000,126,544 | ---- | M] (CA) [File_System | System] -- D:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2012/03/03 01:54:26 | 000,383,568 | ---- | M] (CA) [Kernel | System] -- D:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2012/03/03 01:52:42 | 000,182,864 | ---- | M] (CA) [File_System | Boot] -- D:\Windows\System32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/08/01 10:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 16:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- D:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/19 18:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\HBtnKey.sys -- (HBtnKey)
DRV:64bit: - [2011/07/15 16:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- D:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/17 15:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\Windows\System32\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/06/10 15:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/26 14:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/05/10 15:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/03/23 17:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- D:\Windows\system32\drivers\O2MDFw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/12/21 15:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 11:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/21 14:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot] -- D:\Windows\System32\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 20:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/16 17:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator.TH-HOEFT_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Administrator.TH-HOEFT_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Administrator.TH-HOEFT_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
IE - HKU\administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\hoeft.TUGDOM_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\hoeft.TUGDOM_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.thomashilfen.com/
IE - HKU\hoeft.TUGDOM_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Hoeft_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Hoeft_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Hoeft_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: D:\Program Files (x86)\Common Files\Research in Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/02/08 09:29:12 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - D:\Program Files (x86)\Softonic\Softonic\1.8.8.11\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - D:\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\administrator_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\hoeft.TUGDOM_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] D:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CATM] D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\catm.exe (Total Defense, Inc.)
O4:64bit: - HKLM..\Run: [DBRMTray] D:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [DFEPApplication] D:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [EventMgt] D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\ccEvtMgr.exe (Total Defense, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] D:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] D:\Windows\System32\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4:64bit: - HKLM..\Run: [UpdateOnStartUp] D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\catm.exe (Total Defense, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Dell Webcam Central] D:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IMSS] D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [RIM PeerManager] D:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] D:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\hoeft.TUGDOM_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] D:\Users\hoeft.TUGDOM\AppData\Local\Temp\mkmemvfppwkisnljh.exe (NVIDIA Corporation)
O4 - HKU\hoeft.TUGDOM_ON_D..\Run: [wwomqhshfkkbwas]  File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] D:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: D:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\Administrator.TH-HOEFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\Hoeft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\hoeft.TUGDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O4 - Startup: D:\Users\hoeft.TUGDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\Administrator.TH-HOEFT_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hoeft.TUGDOM_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hoeft.TUGDOM_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Windows\SysWow64\VetRedir.dll (Total Defense, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Windows\SysWow64\VetRedir.dll (Total Defense, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Windows\SysWow64\VetRedir.dll (Total Defense, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - administrator_ON_D\..Trusted Domains: localhost ([]http in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tugnet.de
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\hoeft.TUGDOM_ON_D Winlogon: Shell - (cmd.exe) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O20:64bit: - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - D:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30:64bit: - LSA: Authentication Packages - (wvauth) - D:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/20 16:33:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/06/20 16:33:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/06/20 16:33:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/06/20 16:33:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/06/20 16:33:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/06/20 16:33:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/06/20 16:33:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/06/20 16:33:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/06/20 16:33:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/06/20 16:33:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/06/20 16:33:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/06/20 16:33:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/06/20 16:33:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/06/20 16:33:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/06/20 16:33:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/06/20 16:33:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/06/20 16:33:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/06/14 02:00:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32spl.dll
[2013/06/14 02:00:06 | 000,492,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\win32spl.dll
[2013/06/14 02:00:04 | 001,464,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll
[2013/06/14 02:00:04 | 001,192,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\certutil.exe
[2013/06/14 02:00:04 | 000,903,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\certutil.exe
[2013/06/14 02:00:04 | 000,139,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cryptnet.dll
[2013/06/14 02:00:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\certenc.dll
[2013/06/14 02:00:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\certenc.dll
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/03 08:56:04 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/07/03 08:56:01 | 3127,558,144 | -HS- | M] () -- D:\hiberfil.sys
[2013/07/02 17:55:33 | 000,083,452 | ---- | M] () -- D:\Windows\System32\drivers\KmxAgent.asc
[2013/07/02 17:55:33 | 000,032,093 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k0
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k7
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k6
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k5
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k4
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k3
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k2
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k1
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k7
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k6
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k5
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k4
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k3
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k2
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k1
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k0
[2013/07/02 17:48:10 | 000,021,088 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 17:48:10 | 000,021,088 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 17:30:45 | 001,084,731 | ---- | M] () -- D:\Users\hoeft.TUGDOM\AppData\Roaming\2433f433
[2013/07/02 17:30:45 | 001,084,686 | ---- | M] () -- D:\ProgramData\2433f433
[2013/07/02 17:30:45 | 001,084,677 | ---- | M] () -- D:\Users\hoeft.TUGDOM\AppData\Local\2433f433
[2013/06/26 17:16:57 | 000,101,714 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action.pdf
[2013/06/26 17:16:57 | 000,101,714 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action - Kopie.pdf
[2013/06/20 13:49:19 | 003,604,831 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba_neo_647G771-EN-05-1204p.pdf
[2013/06/20 13:42:39 | 003,862,637 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba-family-of-products-brochure.pdf
[2013/06/17 15:58:17 | 000,102,925 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Internet-CheckIn-Boarding-Docs_18062013.pdf
[2013/06/17 15:35:52 | 000,221,221 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Internet-CheckIn-Boarding-Docs.pdf
[2013/06/14 07:27:53 | 004,328,225 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\pic1.jpg
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/02 17:30:45 | 001,084,731 | ---- | C] () -- D:\Users\hoeft.TUGDOM\AppData\Roaming\2433f433
[2013/07/02 17:30:45 | 001,084,686 | ---- | C] () -- D:\ProgramData\2433f433
[2013/07/02 17:30:45 | 001,084,677 | ---- | C] () -- D:\Users\hoeft.TUGDOM\AppData\Local\2433f433
[2013/07/01 11:40:21 | 000,101,714 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action - Kopie.pdf
[2013/06/26 17:16:57 | 000,101,714 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action.pdf
[2013/06/26 15:51:57 | 000,150,102 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Export2008 142 - Kopie.jpg
[2013/06/20 13:49:19 | 003,604,831 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba_neo_647G771-EN-05-1204p.pdf
[2013/06/20 13:42:38 | 003,862,637 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba-family-of-products-brochure.pdf
[2013/06/17 15:58:17 | 000,102,925 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Internet-CheckIn-Boarding-Docs_18062013.pdf
[2013/06/14 07:27:11 | 004,328,225 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\pic1.jpg
[2012/02/02 05:00:25 | 000,007,168 | ---- | C] () -- D:\Users\hoeft.TUGDOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 09:13:20 | 000,000,225 | ---- | C] () -- D:\Windows\ODBC.INI
[2011/11/03 16:40:33 | 000,963,116 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2011/11/03 16:40:32 | 000,218,304 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2011/11/03 16:40:31 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2011/11/03 16:40:29 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2011/11/03 16:40:28 | 013,906,944 | ---- | C] () -- D:\Windows\SysWow64\ig4icd32.dll
[2011/11/03 14:22:52 | 000,080,368 | ---- | C] () -- D:\Windows\SysWow64\pbadrvdll.dll
[2011/11/03 14:19:51 | 000,032,256 | ---- | C] () -- D:\Windows\SysWow64\instsrv.exe
[2011/11/03 14:19:51 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/02/11 13:45:27 | 001,777,104 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2010/10/29 08:56:58 | 000,100,352 | ---- | C] () -- D:\Windows\SysWow64\pg32conv.dll
[2010/10/29 08:56:58 | 000,036,360 | ---- | C] () -- D:\Windows\SysWow64\vcgantt.ini
[2010/10/29 08:56:55 | 000,003,964 | ---- | C] () -- D:\Windows\SysWow64\CONTBMP.DAT
[2010/08/19 18:18:20 | 001,008,640 | ---- | C] () -- D:\Windows\SysWow64\DemoLicense.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/08/16 11:17:50 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\nsldap32v50.dll
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2005/12/21 12:57:04 | 000,024,576 | ---- | C] () -- D:\Windows\SysWow64\nsldappr32v50.dll
[2005/12/21 12:54:34 | 000,040,960 | ---- | C] () -- D:\Windows\SysWow64\nsldapssl32v50.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/06/15 14:53:45 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

03.07.2013, 15:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = t**net.de
Company computers are normally not cleaned up here.

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:
3. As a rule, we do not clean commercially used computers. That is the job of your company's IT department.

For small businesses that have no IT support we make an exception and are glad to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.

Bear in mind, however, that logfiles can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on and misuse this data. In such cases we recommend formatting and reinstalling from scratch.

03.07.2013, 15:33   #3
hansi14

Of course I would gladly say thank you for any help with a donation. That goes without saying.

03.07.2013, 15:46   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It is more about the coloured text.
__________________
Please always post logfiles in CODE tags.

03.07.2013, 16:23   #5
hansi14

OK, you are probably right and I had better wipe the machine right away. Thanks anyway for the support.

