Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner inkl. rundll-Probleme beim Systemstart

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.07.2012, 16:56   #1
Hans D.
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Hallo,
mich hat es auch mit dem Trojaner erwischt.
Ich habe dann Avira DE Cleaner drüberlaufen lassen.
Jetzt zeigt es beim Systemstart folgendes Problem an:

RUNDLL:
Fehler beim Laden ..../glom0_og.exe

und

Fehler beim Laden C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\msonem.dll

Habe nun OTL installiert und wollte einen Qick-Scan machen, der bleibt aber beim Manuel File Scan hängen.

Was kann man nun tun? Welche Daten fehlen noch zum besseren Verständnis?

P.S. Für mich sind das alles spanische Dörfer, also bitte "kindgerecht" antworten!

Vielen Dank schon im Voraus!
Gruß
Hans D.

Alt 15.07.2012, 17:40   #2
t'john
/// Helfer-Team
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart





1. Schritt

Neue Version! Bitte neu runterladen!
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 17.07.2012, 06:09   #3
Hans D.
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Hallo und Danke schonmal vorab!
Anbei der Scan von Malwarebytes

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Besitzer :: MEIER [Administrator]

16.07.2012 19:59:53
mbam-log-2012-07-17 (06-58-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424413
Laufzeit: 2 Stunde(n), 36 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
OTL Quick-Scan (ist doch irgendwann gegangen)
Code:
ATTFilter
OTL logfile created on: 15.07.2012 18:25:53 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,66% Memory free
3,83 Gb Paging File | 3,17 Gb Available in Paging File | 82,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 45,12 Gb Free Space | 19,38% Space Free | Partition Type: NTFS
 
Computer Name: MEIER | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.15 17:03:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
PRC - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.06.30 17:00:06 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.23 13:14:20 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2010.04.08 15:59:26 | 000,286,720 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
PRC - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
PRC - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.03.09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005.12.18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2004.12.13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012.06.30 17:00:09 | 000,132,704 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.06.30 17:00:06 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.06.14 14:43:55 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.13 09:22:58 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 09:22:35 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.05.10 08:22:11 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 08:21:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.10 08:21:32 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.10 07:28:16 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.10 07:24:26 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.10 07:24:10 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.05 21:53:26 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.03.26 21:47:33 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.07.29 10:32:58 | 000,013,824 | ---- | M] () -- C:\Programme\1&1\1&1 EasyLogin\MasterLoginLibrary.dll
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
MOD - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
MOD - [2009.12.22 12:30:36 | 000,057,344 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\Hook.dll
MOD - [2009.12.22 12:30:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\LGErrorHandler.dll
MOD - [2009.12.22 12:30:30 | 000,012,288 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\GerRes.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.12 10:16:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.11.26 14:50:04 | 000,294,912 | ---- | M] (T-Systems Enterprise Services GmbH) [Disabled | Stopped] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2007.04.21 15:54:10 | 000,052,080 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.03.09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.12.18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.07.08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004.12.13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.06 07:16:18 | 007,746,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012.02.23 14:31:22 | 000,099,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011.12.19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011.12.19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011.11.29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.12.22 12:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2009.12.22 12:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2009.08.05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.02 21:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.06.26 11:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)
DRV - [2007.03.05 07:01:18 | 000,039,184 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2007.03.05 06:51:24 | 000,034,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.04 10:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.06.01 14:43:56 | 000,043,264 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.05.26 09:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.12.02 19:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005.07.08 16:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005.07.08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.08 16:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{6C34B1FE-7653-4092-B69A-C2658982CF44}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{F57594AD-0F09-4A72-8650-E74B8D68576F}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.04.18 18:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\11.1.0.12\ [2012.06.30 17:00:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.13 13:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.13 13:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.04.18 18:03:13 | 000,000,000 | ---D | M]
 
[2011.02.02 10:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions
[2012.06.26 13:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xbw050n0.default\extensions
[2011.02.05 16:28:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xbw050n0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.13 13:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.12 08:51:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.30 17:00:03 | 000,003,750 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: 1und1 Suche ()
CHR - default_search_provider: search_url = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2011.12.23 13:13:18 | 000,440,018 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15128 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Programme\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [msonem] rundll32.exe "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\msonem.dll",CleanupGlobalTempFiles File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PowerBar]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EasySetPackage.lnk = C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} hxxp://activex.microgaming.com/DLHelper/version7/DLHelper.cab (Download Helper Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.30 20:12:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 17:03:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.07.15 16:42:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\OTL.exe
[2012.07.15 16:02:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.07.15 16:01:59 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.07.15 16:00:15 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\ccsetup320.exe
[2012.07.13 13:19:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012.07.13 13:19:41 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012.07.05 07:01:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2012.07.04 20:55:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\adaware
[2012.07.04 16:50:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus
[2012.07.04 16:50:07 | 000,093,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2012.07.04 16:50:07 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2012.07.04 16:50:07 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2012.07.04 16:50:06 | 000,217,976 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2012.07.04 16:49:47 | 000,094,584 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2012.07.04 16:49:45 | 000,335,224 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2012.07.04 16:49:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
[2012.07.04 16:49:39 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus
[2012.07.04 16:39:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ad-Aware Antivirus
[2012.07.04 16:39:26 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Adaware_Installer.exe
[2012.06.30 17:01:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Any Video Converter
[2012.06.30 17:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AnvSoft
[2012.06.30 17:00:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
[2012.06.30 17:00:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG Secure Search
[2012.06.30 17:00:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2012.06.30 17:00:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search
[2012.06.30 17:00:05 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search
[2012.06.30 16:58:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.06.30 16:58:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AnvSoft
[2012.06.30 16:58:27 | 000,000,000 | ---D | C] -- C:\Programme\AnvSoft
[2012.06.30 16:57:17 | 029,522,488 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\avc-free.exe
[2012.06.21 17:16:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.06.21 17:16:31 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.06.21 17:14:27 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2012.06.06 09:58:51 | 033,269,216 | ---- | C] (RIB Software AG                                             ) -- C:\Dokumente und Einstellungen\Besitzer\avasign400.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 20:19:34 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.15 19:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 17:03:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.07.15 17:03:38 | 010,280,390 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\vlc-0.8.6d-win32.exe
[2012.07.15 16:42:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\OTL.exe
[2012.07.15 16:33:42 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2012.07.15 16:29:34 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.15 16:24:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.15 16:21:41 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012.07.15 16:21:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.15 16:21:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.15 16:02:17 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.07.15 16:00:21 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\ccsetup320.exe
[2012.07.15 15:02:18 | 000,027,423 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fenster-Zus-st._2012-07-15.pdf
[2012.07.15 15:02:13 | 000,089,199 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-3_Müller_2012-07-14.pdf
[2012.07.15 15:02:10 | 000,150,405 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-2_Müller_2012-07-14.pdf
[2012.07.15 15:02:05 | 000,177,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-1_Müller_2012-07-14.pdf
[2012.07.15 13:19:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.07.15 12:00:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.07.13 13:24:17 | 000,289,758 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\geprüfte 1. ARE Fa. Meier.pdf
[2012.07.13 13:24:15 | 000,144,889 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Rechnungsprüfung 1. ARE Fa. Meier.pdf
[2012.07.13 13:19:46 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.07.13 09:05:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.07.13 08:40:35 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad
[2012.07.12 22:43:33 | 000,001,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.12 22:43:33 | 000,001,833 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Avira DE-Cleaner.lnk
[2012.07.12 22:43:19 | 000,883,840 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Avira-DE-Cleaner.exe
[2012.07.12 18:24:20 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.12 11:41:40 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.07.11 10:43:48 | 002,545,098 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\S36C-112071109520.pdf
[2012.07.11 08:44:05 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 08:26:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.10 16:38:44 | 000,348,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fensterverkleinert.bmp
[2012.07.10 10:47:36 | 000,018,436 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\heid88113956.pdf
[2012.07.10 07:19:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.07.06 18:21:21 | 003,294,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120130_Planung_FE_NW_10a.pdf
[2012.07.06 18:21:14 | 000,618,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120228_ANS_S+N.pdf
[2012.07.06 18:21:10 | 000,682,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120627_Angebotsanfr_FE_NW-10a.pdf
[2012.07.06 18:12:22 | 000,152,379 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Details BV Bennewitz.pdf
[2012.07.06 17:56:58 | 000,169,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.04 20:55:46 | 000,000,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\FSSC.dat
[2012.07.04 16:39:35 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Adaware_Installer.exe
[2012.07.04 09:49:03 | 000,028,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\LV Auszug Bürgerhaus ME Küchen.pdf
[2012.07.04 08:59:58 | 000,262,790 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Teeküche OG.pdf
[2012.07.04 08:59:18 | 000,385,603 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche DG.pdf
[2012.07.04 08:58:46 | 000,377,355 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche EG.pdf
[2012.07.04 07:43:19 | 000,158,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\MerkblattThermischerSpannungsbruch_132089_DE.pdf
[2012.07.03 16:39:16 | 001,213,078 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Preisliste_2012 Cortex.pdf
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.03 09:08:00 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.07.03 09:08:00 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.07.02 12:02:35 | 000,270,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\133603.pdf
[2012.06.30 16:58:00 | 029,522,488 | ---- | M] (Any-Video-Converter.com                                     ) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\avc-free.exe
[2012.06.28 17:26:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.06.21 17:16:51 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.06.21 16:58:38 | 000,156,107 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Angebot.pdf
[2012.06.20 12:53:41 | 000,073,653 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Aufheizprotokoll und CM Messung Caliebe.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.15 16:02:16 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.07.15 15:02:18 | 000,027,423 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fenster-Zus-st._2012-07-15.pdf
[2012.07.15 15:02:13 | 000,089,199 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-3_Müller_2012-07-14.pdf
[2012.07.15 15:02:09 | 000,150,405 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-2_Müller_2012-07-14.pdf
[2012.07.15 15:02:02 | 000,177,689 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fe-Detail-1_Müller_2012-07-14.pdf
[2012.07.13 13:24:17 | 000,289,758 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\geprüfte 1. ARE Fa. Meier.pdf
[2012.07.13 13:24:13 | 000,144,889 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Rechnungsprüfung 1. ARE Fa. Meier.pdf
[2012.07.13 13:19:46 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.07.12 22:43:33 | 000,001,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.12 22:43:32 | 000,001,833 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Avira DE-Cleaner.lnk
[2012.07.12 22:43:18 | 000,883,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Avira-DE-Cleaner.exe
[2012.07.12 18:24:20 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.12 18:24:19 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad
[2012.07.11 10:43:44 | 002,545,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\S36C-112071109520.pdf
[2012.07.10 16:38:43 | 000,348,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Fensterverkleinert.bmp
[2012.07.10 10:47:35 | 000,018,436 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\heid88113956.pdf
[2012.07.06 18:21:16 | 003,294,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120130_Planung_FE_NW_10a.pdf
[2012.07.06 18:21:13 | 000,618,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120228_ANS_S+N.pdf
[2012.07.06 18:21:09 | 000,682,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\120627_Angebotsanfr_FE_NW-10a.pdf
[2012.07.06 18:12:22 | 000,152,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Details BV Bennewitz.pdf
[2012.07.05 07:03:11 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.07.04 20:55:46 | 000,000,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\FSSC.dat
[2012.07.04 16:50:09 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012.07.04 09:48:59 | 000,028,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\LV Auszug Bürgerhaus ME Küchen.pdf
[2012.07.04 08:59:58 | 000,262,790 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Teeküche OG.pdf
[2012.07.04 08:59:18 | 000,385,603 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche DG.pdf
[2012.07.04 08:58:46 | 000,377,355 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Bürgerhaus ME Küche EG.pdf
[2012.07.04 07:43:18 | 000,158,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\MerkblattThermischerSpannungsbruch_132089_DE.pdf
[2012.07.03 16:39:14 | 001,213,078 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Preisliste_2012 Cortex.pdf
[2012.07.02 12:02:34 | 000,270,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\133603.pdf
[2012.06.21 17:16:51 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.06.21 17:14:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.06.21 17:14:29 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk
[2012.06.21 16:58:37 | 000,156,107 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Angebot.pdf
[2012.06.20 12:53:41 | 000,073,653 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Aufheizprotokoll und CM Messung Caliebe.pdf
[2012.04.26 12:19:53 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.04.26 12:19:51 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.04.26 12:19:51 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.04.12 07:59:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\RBuilder.ini
[2012.02.16 08:07:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.15 01:42:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.15 01:42:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.05.04 13:25:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LGErrorHandler.dll
[2011.03.09 11:16:42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.02.02 09:28:30 | 000,003,565 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\.recently-used.xbel
[2010.12.25 16:09:07 | 000,029,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.14 13:52:15 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\BieterModul.ini
[2009.03.07 13:13:10 | 000,282,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici_nav.dat
[2009.03.07 13:12:40 | 000,003,021 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici.dat
[2009.03.07 13:12:40 | 000,001,920 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici_navps.dat
[2006.10.20 17:55:27 | 000,169,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.06 07:05:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.02 19:07:17 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2006.09.30 21:32:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.09.30 20:59:21 | 000,016,896 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\so_icon_lib.dll
 
========== LOP Check ==========
 
[2012.07.04 20:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2012.07.12 18:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2007.11.21 18:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2010.12.23 08:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012.06.30 16:58:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2009.03.03 18:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2009.01.04 15:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2007.10.10 16:15:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MGS
[2010.04.18 18:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache
[2010.04.18 18:09:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.04.15 11:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2009.03.30 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.03.30 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
[2006.10.05 23:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.03.14 15:35:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{411234A5-A7C5-4628-A4D3-64C942F8C38C}
[2010.12.25 15:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007.06.16 08:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\1&1
[2012.07.06 07:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ad-Aware Antivirus
[2011.11.17 22:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\adawaretb
[2012.06.30 17:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AnvSoft
[2012.06.30 17:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG Secure Search
[2010.12.23 08:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Buhl Data Service
[2011.02.01 08:14:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Buhl Data Service GmbH
[2011.06.17 07:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Foxit Software
[2011.02.02 09:28:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gtk-2.0
[2010.05.23 15:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Imaxel
[2006.10.02 23:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InterTrust
[2006.09.30 20:59:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InterVideo
[2009.03.27 12:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Leadertech
[2011.02.01 08:14:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\LetsTrade
[2010.04.18 18:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia
[2011.04.18 16:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ntr
[2011.09.10 14:27:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Suite
[2011.03.11 12:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge
[2012.04.12 10:28:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RavensburgerTipToi
[2011.11.02 17:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings
[2009.01.04 15:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\sizling
[2009.04.01 07:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\T-Online
[2012.04.26 12:01:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer
[2012.07.15 12:00:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.07.13 09:05:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 15.07.2012 18:25:53 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,66% Memory free
3,83 Gb Paging File | 3,17 Gb Available in Paging File | 82,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 45,12 Gb Free Space | 19,38% Space Free | Partition Type: NTFS
 
Computer Name: MEIER | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
http [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
https [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1391:UDP" = 1391:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
"1390:UDP" = 1390:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
"1398:UDP" = 1398:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\VectorWorks 11\VectorWorks.exe" = C:\Programme\VectorWorks 11\VectorWorks.exe:*:Disabled:VectorWorks Application -- (Nemetschek North America, Inc.)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe" = C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe:*:Enabled:T-Online Browser 6.0 Download Manager -- (Deutsche Telekom AG)
"C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0I9LGFTL\NTRsupport_99503[1].exe" = C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0I9LGFTL\NTRsupport_99503[1].exe:*:Enabled:NTRsupport
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\adawaretb\dtUser.exe" = C:\Programme\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00DF228D-0F08-9C76-F2D9-2FB5000439EB}" = CCC Help Thai
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (CANTOR2005)
"{03D375B0-8750-5182-0F7A-2E7478EB53F6}" = CCC Help Finnish
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04B7FE00-9D1E-FAB5-6AE3-9570CCF43058}" = CCC Help Japanese
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07AC654E-38B1-410A-E655-7C7D975F9986}" = Catalyst Control Center InstallProxy
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0AF50818-4920-620E-C71B-7EE0440AE1EC}" = CCC Help Korean
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{13CEE5F4-1E7D-44F8-B77E-6B805680863F}" = Microsoft SQL Server 2008 R2 Native Client
"{1559D65C-9467-4CC7-B826-6CEFB73A6E45}" = Premium VoIP Offers
"{173C262F-8474-4118-8BF3-02BFDFA00AC9}" = UPE2009
"{18EC172E-2FBB-1C87-36D5-D87C3FF393D3}" = CCC Help French
"{1902A37F-C3F4-4984-AD67-81309B3B2E64}" = Diskeeper Home Edition
"{1962E9F3-7870-DA54-3A18-2669DF9DE216}" = ccc-utility
"{1C01FF9E-2267-4100-AD37-9162D698D160}" = Cantor 2010.2 Prerequisites
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D9B22F5-D40C-38FA-46E4-11D8E0F0CB95}" = CCC Help Polish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21082652-1361-FA14-14C2-6048A6B30209}" = CCC Help Chinese Standard
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7
"{240D4AC7-F7BC-4B51-898E-E4CB86485ECE}" = Intel Audio Studio 2.0
"{24A4214B-819F-D5C8-3EB6-23098FD0E7E4}" = CCC Help Turkish
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29C699E7-103E-4DB0-BEBC-EEC36F24FDDC}" = UPE2011
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D2B857A-2D9A-62EC-0C8B-143A67D44BAA}" = CCC Help Spanish
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{356B2830-696A-888B-F501-9223ABF478FB}" = CCC Help Czech
"{3DECEA7E-BC27-5B1D-10CE-CB1BBA0DD4CA}" = Catalyst Control Center Graphics Previews Common
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41245369-03C6-873A-0E5A-F5296A1213B9}" = CCC Help Hungarian
"{41FADB1B-BCF0-4D97-8A6D-EC7A4A9E021E}" = Cantor Crystal Reports 10 Components
"{45EB96EE-AC25-5797-FAC5-78025043708F}" = Catalyst Control Center
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59CB0414-01D1-D394-5CD7-8A6845F45947}" = CCC Help Italian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A79D3F9-1EB9-424A-A4EB-721677E56740}" = Install Intel Desktop Utilities
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{66615E72-0F55-4D4F-8320-DF89ABB39A95}" = Cantor Crystal Reports 11.5 Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0B6D9B-9C27-095E-33CE-057D2677C80F}" = CCC Help Russian
"{6FFC6CC9-56B4-428C-ADAF-AFEBF896EA22}" = Cantor Crystal Reports 11.5 Components V3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7803FC29-BB90-F52B-13F6-BC480DFB0ACD}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACCB284-D190-411B-B1B9-1DBD4BFDACE1}" = Unilux Partner EDV
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{841AEB60-5A7E-481E-93AD-F456065DE2F1}" = Cantor 2006.1 Prerequisites
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9D738A-2C30-4574-90FE-E6B4F6065D48}" = Bluesoleil3.2.2.8 Release 070421
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911FEE13-483C-CABD-B024-993E97A07F18}" = CCC Help Dutch
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986D042E-5211-3D34-0DB0-2FB3FFF00C39}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A057B18B-71F3-7C99-5948-7727EC9C0923}" = CCC Help Portuguese
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe  1.4.62.1
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACD8576E-C02F-0118-9D06-2E65BCEC3540}" = CCC Help English
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBEDBF2-0095-A8BD-891E-E3245D388F90}" = CCC Help German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D158588C-B6A4-636B-2A24-38C15EAD2D5C}" = Catalyst Control Center Localization All
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D638323B-6AEF-4190-ABB4-AF2F4AFE75DB}" = Cantor 2008.2 Prerequisites
"{D67107F9-3DFB-9D54-434B-028CA4F1ADF2}" = AMD Catalyst Install Manager
"{DBBD6080-FB66-FD07-EE8B-7B0D5EA509A9}" = CCC Help Chinese Traditional
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F89FD8CD-FC96-4F75-8376-3C3C292907D5}" = Intel Special Offers
"{FB53C441-9BF0-30F4-6537-F7A3F26058C5}" = CCC Help Norwegian
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF34CC98-7A5D-FDA1-3EE9-CF628A45EA4F}" = CCC Help Greek
"1&1 EasyLogin" = 1&1 EasyLogin
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.9
"ava-sign 4.2.10.1919_is1" = ava-sign 4.2.10.1919                                        -
"ava-sign 4.2.7.1832_is1" = ava-sign 4.2.7.1832
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"CadStd" = CadStd
"CCleaner" = CCleaner
"Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Active Client Manager 2.0 HECI Driver
"Home Media Server 4.1.4.0067" = Home Media Server 4.1.4.0067
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"Installationsauswahl" = Installationsauswahl
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Picasa 3" = Picasa 3
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"UPE 2000 5.3" = UPE 2000 5.3
"UPE 2000 5.3 Arbeitsplatz" = UPE 2000 5.3 Arbeitsplatz
"VectorWorks 11" = VectorWorks 11
"ventasoft Demo-Filme_is1" = Lernvideos für Bieter
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"YASA VOB to MP4 Converter v3.9 (build 0059)" = YASA VOB to MP4 Converter v3.9 (build 0059)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 01:08:53 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung kernel.exe, Version 2.21.0.4, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 13.07.2012 01:09:13 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung kernel.exe, Version 2.21.0.4, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 13.07.2012 02:23:17 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.7.0.4, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 13.07.2012 05:12:36 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.7.0.4, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.07.2012 05:32:24 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.150.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.07.2012 05:36:39 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.150.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.07.2012 11:02:23 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.07.2012 11:03:04 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.07.2012 11:03:14 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.07.2012 11:46:59 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.54.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ OSession Events ]
Error - 13.04.2010 05:40:40 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1160
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2011 10:57:31 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 904
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 14.01.2012 14:20:59 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1726
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.07.2012 03:36:50 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
 
Error - 13.07.2012 03:36:54 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
 
Error - 13.07.2012 03:36:59 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
 
Error - 13.07.2012 03:37:03 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
 
Error - 13.07.2012 03:37:07 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
 
Error - 13.07.2012 04:17:36 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 14.07.2012 04:16:52 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 15.07.2012 05:19:06 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 15.07.2012 09:32:53 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 15.07.2012 10:23:12 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
 
< End of report >
         
__________________

Alt 17.07.2012, 16:00   #4
t'john
/// Helfer-Team
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
PRC - [2012.06.30 17:00:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe 
PRC - [2012.06.30 17:00:06 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe 
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe 
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe 
PRC - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe 
PRC - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe 
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKCU\..\SearchScopes\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} 
IE - HKCU\..\SearchScopes\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}: "URL" = http://go.1und1.de/suchbox/1und1suche?su={searchTerms} 
IE - HKCU\..\SearchScopes\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://go.web.de/suchbox/google?q={searchTerms} 
IE - HKCU\..\SearchScopes\{6C34B1FE-7653-4092-B69A-C2658982CF44}: "URL" = http://go.web.de/suchbox/ebay?query={searchTerms} 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}: "URL" = http://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} 
IE - HKCU\..\SearchScopes\{F57594AD-0F09-4A72-8650-E74B8D68576F}: "URL" = http://go.web.de/suchbox/google?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7 
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201 
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) 
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found 
O4 - HKLM..\Run: [msonem] rundll32.exe "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\msonem.dll",CleanupGlobalTempFiles File not found 
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found 
O4 - HKCU..\Run: [PowerBar] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 

[2012.07.13 08:40:35 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad 
[2012.07.12 18:24:20 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk 
[2012.07.12 18:24:20 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk 
[2012.07.12 18:24:19 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.07.2012, 17:56   #5
Hans D.
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Hallo, wiederum nochmals Danke.

Anbei der Inhalt des Logfiles

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named ToolbarUpdater.exe was found!
No active process named vprot.exe was found!
No active process named c2c_service.exe was found!
No active process named adawarebp.exe was found!
No active process named TestDDCCI.exe was found!
No active process named EasySetPackage.exe was found!
Service Skype C2C Service stopped successfully!
Service Skype C2C Service deleted successfully!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B7670F3-4BA8-4FD9-B9BE-92AB65FAE639}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2529F95D-5CF1-45C2-9FAD-EA470BEEC9C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{335F0779-FE9B-4F7D-A340-FED5EA191C7B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C34B1FE-7653-4092-B69A-C2658982CF44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C34B1FE-7653-4092-B69A-C2658982CF44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD00894A-82CD-4AC1-9A9C-81C1574EF54D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F57594AD-0F09-4A72-8650-E74B8D68576F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F57594AD-0F09-4A72-8650-E74B8D68576F}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msonem deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PowerBar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk moved successfully.
File C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Besitzer\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Besitzer
->Temp folder emptied: 1046053854 bytes
->Temporary Internet Files folder emptied: 43265757 bytes
->Java cache emptied: 28645182 bytes
->FireFox cache emptied: 59872344 bytes
->Flash cache emptied: 1891179 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4482442 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5704129 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.137,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Besitzer
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_184626

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat not found!

PendingFileRenameOperations files...
File C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat not found!

Registry entries deleted on Reboot...
         


Alt 17.07.2012, 19:36   #6
t'john
/// Helfer-Team
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Sehr gut!

Wie laeuft der Rechner?

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> GVU Trojaner inkl. rundll-Probleme beim Systemstart

Alt 18.07.2012, 06:10   #7
Hans D.
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Hallo,
der Rechner läuft jetzt wieder wie ein Schnitzel!

Anbei die Logdatei!

Code:
ATTFilter
Folder Found : C:\Programme\Gemeinsame Dateien\spigot
File Found : C:\Programme\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Programme\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Found : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
[HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://www.1und1.de
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=nt

*************************

AdwCleaner[R1].txt - [7488 octets] - [18/07/2012 07:05:50]

########## EOF - C:\AdwCleaner[R1].txt - [7616 octets] ##########
         

Alt 18.07.2012, 08:13   #8
t'john
/// Helfer-Team
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.07.2012, 18:33   #9
Hans D.
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Hallo,
anbei die gewünschten Logdateien.

Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/18/2012 at 15:10:28
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Besitzer - MEIER
# Running from : C:\Dokumente und Einstellungen\Besitzer\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG Secure Search
Folder Deleted : C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge
Folder Deleted : C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Folder Deleted : C:\Programme\Application Updater
Folder Deleted : C:\Programme\AVG Secure Search
Folder Deleted : C:\Programme\pdfforge Toolbar
Deleted on reboot : C:\Programme\Gemeinsame Dateien\AVG Secure Search
Folder Deleted : C:\Programme\Gemeinsame Dateien\spigot
File Deleted : C:\Programme\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Deleted : C:\Programme\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://isearch.avg.com/?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=hp
hxxp://www.1und1.de --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={32D669D0-2BC1-4B33-ACBD-84BFD72EC50C}&mid=4fbf632af4de47d09501d15f3026af7b-b36cc4c10a19fda1a6a37effe023b75cffea14f8&lang=en&ds=qw011&pr=sa&d=2012-06-30 17:00:12&v=11.1.0.12&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [7617 octets] - [18/07/2012 07:05:50]
AdwCleaner[S1].txt - [7784 octets] - [18/07/2012 15:10:28]

########## EOF - C:\AdwCleaner[S1].txt - [7912 octets] ##########
         


Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 18.07.2012 15:28:52

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	18.07.2012 15:29:23

C:\System Volume Information\_restore{09B6A9D9-D5C9-4C38-9F74-23241906A064}\RP1820\A0209842.exe 	gefunden: SoftwareBundler.Win32.KaZaA!E2
C:\Programme\T-Online\T-Online_Software_6\Messenger\Clean.exe 	gefunden: Trojan.SuspectCRC!E2
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Programme\MediaLoads\v1\ML.exe 	gefunden: AdWare.Win32.MediaLoads!E2
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\GDE3OHYB\0518[1].htm 	gefunden: AdWare.JS.CountXES!E2

Gescannt	699161
Gefunden	4

Scan Ende:	18.07.2012 19:25:50
Scan Zeit:	3:56:27
         

Alt 18.07.2012, 20:49   #10
t'john
/// Helfer-Team
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Sehr gut!

Lasse die Funde loeschen

danach:


Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.07.2012, 09:02   #11
Hans D.
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Hallo,
die Funde von Emsisoft waren nicht mehr da.
Hab´s nochmal drüberlaufen lassen, hat nichts mehr gefunden!
Anbei der gewünschte Log

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# BROWSER.EXE=6.13.150.3
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d9438a796e00474ca529ae0aadb24d4c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 07:49:20
# local_time=2012-07-19 09:49:20 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 3000603 3000603 0 0
# compatibility_mode=8192 67108863 100 0 257 257 0 0
# scanned=275536
# found=1
# cleaned=0
# scan_time=9497
C:\_OTL\MovedFiles\07172012_184626\C_Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
         

Alt 19.07.2012, 09:28   #12
t'john
/// Helfer-Team
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Sehr gut!

damit bist Du sauber und entlassen!


Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.07.2012, 06:07   #13
Hans D.
 
GVU Trojaner inkl. rundll-Probleme beim Systemstart - Standard

GVU Trojaner inkl. rundll-Probleme beim Systemstart



Ok, vielen Dank nochmals!

Antwort

Themen zu GVU Trojaner inkl. rundll-Probleme beim Systemstart
anwendungsdaten, avira, besitzer, bessere, cftmon.lnk, cleaner, dokumente, einstellungen, fehler beim laden glom0_og.exe, folgendes, go_0molg.pad, gvu trojaner, gvu trojaner entfernen, gvu trojaner entfernen windows xp, gvu trojaner mit webcam, hänge, laden, manuel, systems, systemstart, trojaner, webcam gvu trojaner, webcamfenster, worte




Ähnliche Themen: GVU Trojaner inkl. rundll-Probleme beim Systemstart


  1. RUNDLL Fehler nach Systemstart[2]
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (13)
  2. RUNDLL Fehler nach Systemstart
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (16)
  3. beim Systemstart Rundll fehler
    Plagegeister aller Art und deren Bekämpfung - 30.12.2013 (3)
  4. Fehlermeldung: RunDLL Meldung beim Systemstart
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (7)
  5. RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls
    Log-Analyse und Auswertung - 10.12.2012 (1)
  6. Fehlermeldung bei Systemstart (RUNDLL)
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (2)
  7. GVU Trojaner-Infizierung; dll-Fehler beim Systemstart
    Log-Analyse und Auswertung - 21.11.2012 (17)
  8. RunDLL Probleme beim Starten von C:\users\***\AppData\Roaming\pndeb.dll & AppData\Local\powstak.dll
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (5)
  9. RunDLL Fehler nach Systemstart (guv-Virus-Verdacht)
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (10)
  10. Nach GVU Trojaner Entfernung RUNDLL Fehlermeldung nach Systemstart ?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (2)
  11. RUNDLL fehlermeldungen bei systemstart
    Plagegeister aller Art und deren Bekämpfung - 05.08.2011 (10)
  12. Nach Systemstart Fehlermeldung Rundll oife.mro
    Log-Analyse und Auswertung - 19.05.2010 (6)
  13. Systemstart (XP) Fehlermeldung: rundll - Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 28.03.2009 (5)
  14. Systemstart rundll-Meldung und hartnäckiger Trojaner/Spyware Befall
    Log-Analyse und Auswertung - 27.01.2009 (4)
  15. RunDLL error bei Systemstart (Vista)
    Log-Analyse und Auswertung - 16.10.2008 (11)
  16. RUNDLL beim Systemstart nicht gefunden
    Log-Analyse und Auswertung - 07.08.2008 (10)
  17. RUNDLL - Meldungen bei Systemstart
    Log-Analyse und Auswertung - 02.08.2008 (3)

Zum Thema GVU Trojaner inkl. rundll-Probleme beim Systemstart - Hallo, mich hat es auch mit dem Trojaner erwischt. Ich habe dann Avira DE Cleaner drüberlaufen lassen. Jetzt zeigt es beim Systemstart folgendes Problem an: RUNDLL: Fehler beim Laden ..../glom0_og.exe - GVU Trojaner inkl. rundll-Probleme beim Systemstart...
Archiv
Du betrachtest: GVU Trojaner inkl. rundll-Probleme beim Systemstart auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.