
Log analysis and evaluation: GVU trojan on my laptop

16.09.2012, 08:57   #1
TGB87
 
GVU trojan on my laptop



Hello everyone,

I have had the GVU trojan on my laptop for quite a while now. I caught it when I wanted to stream a film that I had looked for in the Google search. I clicked on some random link and there it was.
When I then booted my laptop without an Internet connection (far away from my router), I had access again and was able to run a system scan with Luke Filewalker (Avira). It did show me something, I deleted it and thought the problem was solved. (Naive, as I now know.) Now, whenever I start my laptop, I always get an error message at the beginning saying that a module cannot be found (c:\users\Tim\AppData\Local\Temp\fe0_zip.exe). I have already carried out the first steps and attached them to this post.
I have only got around to this now because I had problems when I wanted to copy files to an external hard drive, and I believe this is due to said trojan. Could that be???

Thank you very much in advance, and I hope to find a solution to my problem here!!!

OTL logfile:
Code:
OTL logfile created on: 15.09.2012 20:58:58 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Tim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 64,10% Memory free
6,08 Gb Paging File | 4,95 Gb Available in Paging File | 81,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 36,56 Gb Free Space | 32,81% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.15 20:51:18 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.10 20:02:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.07.02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008.06.11 11:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 18:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.04.28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 09:41:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.18 09:38:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.18 09:37:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 13:38:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 03:55:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 03:52:40 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:52:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.06.11 11:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.05.14 18:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.04.28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.02.05 17:32:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.02.05 17:32:07 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.02.05 17:32:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\usb3jrcv.sys -- (usb3jrcv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.05.09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_7730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0CA48AA3-0831-4924-940A-B9BE5A4242FF}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{514B8DFF-4823-46C0-8396-3E1D123EBF3E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{92762EF5-0E23-4366-A6BA-1D1AE3D26D4C}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{C4E6FEF1-2855-4012-8907-5A90847CED85}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKCU\..\SearchScopes\{D81CF5C3-0D0B-4CF8-93AA-FC8EAAF70C93}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.12 20:12:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.12 20:12:25 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://startsear.ch/?aff=1
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92ECCD73-3691-41A6-8106-001219538A6A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C57539-2EA8-41B6-BAE9-091C9ADFD946}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e7ce5471-d877-11de-8b7f-00238b376914}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 20:50:39 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.09.15 14:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[2012.09.07 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play65
[2012.09.07 19:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Play65
[2012.09.07 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Play65
[2012.09.07 19:01:33 | 000,261,224 | ---- | C] (Play65) -- C:\Users\Tim\Desktop\InstallPlay65.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 20:51:18 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.09.15 20:49:04 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.09.15 20:47:35 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.09.15 20:36:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.15 19:08:17 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 19:08:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2012.09.15 19:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 19:07:48 | 3144,589,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 17:02:51 | 000,093,696 | ---- | M] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.15 16:48:40 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012.09.15 14:02:12 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012.09.15 14:01:36 | 000,911,295 | ---- | M] () -- C:\Users\Tim\Desktop\AntiTwin_Setup.exe
[2012.09.15 13:56:36 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.15 13:56:36 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.15 13:56:36 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.15 13:56:36 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 19:05:38 | 000,000,851 | ---- | M] () -- C:\Users\Tim\Desktop\Play65.lnk
[2012.09.07 19:01:34 | 000,261,224 | ---- | M] (Play65) -- C:\Users\Tim\Desktop\InstallPlay65.exe
[2012.08.19 11:00:15 | 000,300,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.15 20:49:04 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.09.15 20:47:34 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.09.15 14:02:13 | 000,000,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
[2012.09.15 14:02:12 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012.09.15 14:01:35 | 000,911,295 | ---- | C] () -- C:\Users\Tim\Desktop\AntiTwin_Setup.exe
[2012.09.07 19:05:38 | 000,000,851 | ---- | C] () -- C:\Users\Tim\Desktop\Play65.lnk
[2012.07.23 15:29:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.06.02 15:27:41 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2011.08.12 16:24:23 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009.03.13 11:54:19 | 022,102,584 | ---- | C] () -- C:\Program Files\antivir_workstation_winu_de_h337.exe
[2009.01.12 18:46:47 | 000,000,680 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2009.01.10 20:57:46 | 000,093,696 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2009.01.15 20:43:40 | 000,000,000 | -HSD | M] -- C:\Users\Tim\AppData\Roaming\.#
[2010.10.22 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Absolute Poker
[2008.02.05 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Acer GameZone Console
[2009.01.15 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Big Fish Games
[2009.01.11 02:30:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\eSobi
[2010.03.30 01:54:14 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Gaijin Ent
[2011.04.10 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ICQ
[2009.10.13 19:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LG Electronics
[2009.09.20 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LGSync
[2012.07.09 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia
[2012.07.09 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia Ovi Suite
[2012.02.18 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PacificPoker
[2011.02.16 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PC Suite
[2010.04.16 13:04:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Uniblue
[2009.01.12 18:49:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Vodafone
[2012.09.15 19:08:06 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job
[2012.09.15 17:17:22 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9E22BBE8

< End of report >
         