
Log analysis and evaluation: Removing the GVU trojan


02.12.2012, 12:31   #1
kobo1337
 
Removing the GVU trojan



Hello,
I had the GVU trojan on my PC and would now like to remove it completely. So far I have used the DE Cleaner rescue CD, and have now run Anti-Malware and OTL. I would be glad if someone could help me!
Here are the logs I created.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Horst :: HORST-PC [Administrator]

02.12.2012 10:07:33
mbam-log-2012-12-02 (11-58-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426370
Laufzeit: 1 Stunde(n), 10 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Horst\AppData\Local\Temp\36B.tmp.vir (Trojan.LameShield) -> Keine Aktion durchgeführt.
C:\Users\Horst\AppData\Local\Temp\wgsdgsdgdsgsd.exe.vir (Trojan.Reveton) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
OTL logfile created on: 02.12.2012 12:05:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Horst\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,27% Memory free
3,86 Gb Paging File | 2,64 Gb Available in Paging File | 68,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 228,99 Gb Free Space | 81,55% Space Free | Partition Type: NTFS
Drive D: | 7,50 Gb Total Space | 7,50 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 1,99 Gb Total Space | 1,99 Gb Free Space | 99,77% Space Free | Partition Type: FAT32
 
Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Horst\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}
IE:64bit: - HKLM\..\SearchScopes\{AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}
IE - HKLM\..\SearchScopes\{AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\SearchScopes,DefaultScope = {AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\SearchScopes\{0CC9AA1B-87B4-4D47-87DE-FEF1B1843D1B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D7033690-3B8B-405D-AC81-39C941C0F474&apn_sauid=D51C4290-F525-4DFD-BB11-9A6CCF6EE5C9
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\SearchScopes\{AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B271A3CF5-5A54-447B-A08F-BE805F0DA60A%7D:3.3.23.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.25 17:21:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.03 18:42:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.25 17:21:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.03 18:42:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.29 18:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Extensions
[2012.06.29 18:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.25 18:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\jv3q9ptg.default\extensions
[2012.02.20 10:36:58 | 000,000,000 | ---D | M] (DDBAC Plug-In) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\jv3q9ptg.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2012.11.25 18:41:33 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\firefox\profiles\jv3q9ptg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.15 15:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.25 17:21:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.25 17:21:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.25 17:21:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.25 17:21:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.25 17:21:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.25 17:21:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.25 17:21:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2739802824-2353730146-784405382-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2739802824-2353730146-784405382-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D0A12F-8EE4-47AD-9537-B1FD82F5887E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B16D55-67A1-4C0C-8B93-DF0D050059B6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.12.02 12:03:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2012.12.02 10:04:08 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Malwarebytes
[2012.12.02 10:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 10:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 10:03:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.02 10:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.01 21:05:12 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Fables
[2012.12.01 21:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Fables
[2012.11.29 19:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CodedColor Common
[2012.11.29 19:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIDAsol Designer
[2012.11.29 19:35:08 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\AIDAsol Designer
[2012.11.29 19:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AIDAsol Designer
[2012.11.29 19:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIDAsol Designer
[2012.11.25 17:26:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012.11.25 17:26:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012.11.25 17:26:26 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.21 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Horst\Desktop\2012-11 (Nov)
[2012.11.20 18:53:10 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Farm Mania 2.1
[2012.11.16 19:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\The Revills Games
[2012.11.14 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\SulusGames
[2012.11.14 12:47:46 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 12:47:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012.11.14 12:41:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.11.14 12:41:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.11.14 12:41:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.11.14 12:41:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.11.14 12:41:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.11.14 12:41:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.11.14 12:41:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.11.14 12:41:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.11.14 12:41:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.11.14 12:41:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.11.14 12:41:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.11.14 12:41:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.11.14 12:41:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.11.14 12:41:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.11.14 12:41:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.11.14 12:36:36 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012.11.14 12:36:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 12:36:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012.11.14 12:36:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012.11.14 12:03:38 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.11.14 12:03:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.11.14 12:03:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012.11.14 12:03:34 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.11.14 12:03:34 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.11.14 12:03:34 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012.11.14 12:03:33 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.11.14 12:03:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.11.14 12:03:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.11.14 12:03:15 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012.11.14 12:03:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012.11.13 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TheLostIncaProphecy
[2012.11.10 11:59:28 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\Big Fish Games
[2012.11.05 20:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Farm Fishes
[2012.11.05 19:54:08 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Total Eclipse
[2012.11.05 18:34:42 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\DivoGames
[2012.11.03 18:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.30 18:17:07 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\PeaceCraft3
[2012.10.18 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Rainbow
[2012.10.18 11:09:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.18 11:09:35 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.18 11:09:35 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.18 11:09:25 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.18 11:09:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.18 11:09:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.18 11:09:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.18 11:09:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.18 11:09:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.18 11:09:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.18 11:09:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.18 11:09:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.18 11:09:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.18 11:09:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.18 11:09:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.18 11:09:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.18 11:09:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.18 11:09:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.18 11:09:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.18 11:09:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.18 11:09:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.18 11:09:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.18 11:09:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.18 11:09:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.18 11:09:05 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.18 11:06:39 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.18 11:06:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.09 11:35:15 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 09:14:40 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\LegacyGames
 
========== Files - Modified Within 60 Days ==========
 
[2012.12.02 12:07:50 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 12:07:50 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 12:03:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2012.12.02 12:00:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.02 12:00:06 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 11:57:56 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.01 21:12:23 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.12.01 21:06:03 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Farm Fables.lnk
[2012.11.29 19:35:12 | 000,001,135 | ---- | M] () -- C:\Users\Horst\Desktop\AIDAsol Designer.lnk
[2012.11.25 17:28:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.11.25 17:28:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.23 18:52:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.14 12:55:24 | 000,342,184 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.11.14 12:49:37 | 001,524,478 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.11.14 12:49:37 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.11.14 12:49:37 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.11.14 12:49:37 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.11.14 12:49:37 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.10.09 19:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.10.09 19:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012.10.09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.10.09 11:35:15 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 12:31:03 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.10.08 12:22:55 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.10.08 12:22:17 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.10.08 12:18:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.10.08 12:17:35 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.10.08 12:17:26 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.10.08 12:15:59 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.10.08 12:13:54 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.10.08 12:09:39 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.10.08 08:47:44 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.10.08 08:46:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.10.08 08:44:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.10.08 08:43:05 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.10.08 08:41:19 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.10.08 08:37:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.10.03 18:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.10.03 18:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.10.03 18:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.10.03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.10.03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.10.03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.01 21:06:03 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Farm Fables.lnk
[2012.12.01 21:06:03 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.11.29 19:35:12 | 000,001,135 | ---- | C] () -- C:\Users\Horst\Desktop\AIDAsol Designer.lnk
[2012.11.22 14:06:44 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.14 12:47:48 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 12:36:35 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2011.09.09 16:25:19 | 000,219,057 | ---- | C] () -- C:\windows\hpoins47.dat
[2011.09.09 16:25:19 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl47.dat
[2011.09.07 14:49:46 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2739802824-2353730146-784405382-1000\$54bf92e386dd1c8acf3ec9422b942e1f\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$54bf92e386dd1c8acf3ec9422b942e1f\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 961 bytes -> C:\Users\Horst\Documents\Willkommen bei Lohnsteuer-kompakt.eml:OECustomProperty

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 02.12.2012 12:05:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Horst\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,27% Memory free
3,86 Gb Paging File | 2,64 Gb Available in Paging File | 68,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 228,99 Gb Free Space | 81,55% Space Free | Partition Type: NTFS
Drive D: | 7,50 Gb Total Space | 7,50 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 1,99 Gb Total Space | 1,99 Gb Free Space | 99,77% Space Free | Partition Type: FAT32
 
Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2739802824-2353730146-784405382-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1" = Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69391456-8152-8734-9500-810313212870}" = Garten Panik
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F9336255-6BBB-4B38-9F98-E85988BF99CA}" = DDBAC
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aida_sol_is1" = AIDAsol Designer 3.6.2
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-Around the World in 80 Days" = Around the World in 80 Days
"BFG-Azada - Ancient Magic" = Azada ™: Ancient Magic
"BFGC" = Big Fish Games: Game Manager
"BFG-Call of Atlantis" = Call of Atlantis
"BFG-DragonStone" = DragonStone
"BFG-Drawn - Flucht aus der Dunkelheit Sammleredition" = Drawn: &reg; Flucht aus der Dunkelheit Sammleredition
"BFG-Echoes of the Past - Das Schloss der Schatten Sammleredition" = Echoes of the Past: Das Schloss der Schatten Sammleredition
"BFG-Escape the Museum" = Escape the Museum
"BFG-Farm Fables" = Farm Fables
"BFG-Jewel Quest III" = Jewel Quest III
"BFG-Reincarnations - Enthuelle das Gestern" = Reincarnations: Enthülle das Gestern
"BFG-The Return of Monte Cristo" = The Return of Monte Cristo
"BFG-Twisted Lands - Die Schattenstadt - Sammleredition" = Twisted Lands: Die Schattenstadt - Sammleredition
"DB Screensaver 02" = DB Screensaver 02
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Farmscapes_is1" = Farmscapes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.11
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 14:21:22 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: zengems.exe, Version: 0.0.0.0, Zeitstempel:
 0x48052690  Name des fehlerhaften Moduls: zengems.exe, Version: 0.0.0.0, Zeitstempel:
 0x48052690  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006137  ID des fehlerhaften Prozesses:
 0x10ec  Startzeit der fehlerhaften Anwendung: 0x01cd6b531e20f861  Pfad der fehlerhaften
 Anwendung: C:\BIG\ZenGems\zengems.exe  Pfad des fehlerhaften Moduls: C:\BIG\ZenGems\zengems.exe
Berichtskennung:
 b34fee51-d74e-11e1-ab49-6431507f4509
 
Error - 08.08.2012 07:20:06 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Mein CEWE FOTOBUCH.exe, Version: 
0.0.0.0, Zeitstempel: 0x4e670f26  Name des fehlerhaften Moduls: QtCore4.dll, Version:
 4.7.1.0, Zeitstempel: 0x4e5e4c6b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00020f28
ID
 des fehlerhaften Prozesses: 0xffc  Startzeit der fehlerhaften Anwendung: 0x01cd7557b3ed1f3f
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein
 CEWE FOTOBUCH.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\CEWE COLOR\Mein
 CEWE FOTOBUCH\QtCore4.dll  Berichtskennung: 01022140-e14b-11e1-9fc8-6431507f4509
 
Error - 08.08.2012 12:02:59 | Computer Name = Horst-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c30    Startzeit: 
01cd757f1b694767    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 7e98686a-e172-11e1-b0fe-6431507f4509  
 
Error - 29.08.2012 14:50:42 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xcc0  Startzeit der fehlerhaften Anwendung: 0x01cd8617272d0d4b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 6eb98d8e-f20a-11e1-9ac6-6431507f4509
 
Error - 30.08.2012 10:15:54 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 36B.tmp, Version: 0.0.0.0, Zeitstempel:
 0x4fff7bd7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f7da  ID des fehlerhaften Prozesses:
 0xb40  Startzeit der fehlerhaften Anwendung: 0x01cd86b9f6f05091  Pfad der fehlerhaften
 Anwendung: C:\Users\Horst\AppData\Local\Temp\36B.tmp  Pfad des fehlerhaften Moduls:
 C:\windows\SysWOW64\ntdll.dll  Berichtskennung: 356965d9-f2ad-11e1-a8b4-6431507f4509
 
Error - 07.09.2012 07:07:02 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xc6c  Startzeit der fehlerhaften Anwendung: 0x01cd8ce8e2d6454f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 26208f54-f8dc-11e1-b682-6431507f4509
 
Error - 08.10.2012 11:04:27 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xd80  Startzeit der fehlerhaften Anwendung: 0x01cda5308d79cb98  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 73dba4cd-1159-11e2-89ab-6431507f4509
 
Error - 10.10.2012 13:38:57 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xc74  Startzeit der fehlerhaften Anwendung: 0x01cda70e1b960292  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 5dfe29de-1301-11e2-89c6-6431507f4509
 
Error - 18.10.2012 05:58:38 | Computer Name = Horst-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 18.10.2012 11:13:24 | Computer Name = Horst-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ System Events ]
Error - 02.12.2012 04:54:50 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 02.12.2012 05:05:38 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 02.12.2012 05:05:38 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 02.12.2012 07:00:19 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 02.12.2012 07:00:21 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 02.12.2012 07:00:22 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 02.12.2012 07:00:22 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 02.12.2012 07:02:26 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 02.12.2012 07:02:26 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 02.12.2012 07:02:48 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >
         

02.12.2012, 16:38   #2
t'john
/// Helper Team
 
The cleanup consists of several steps that have to be carried out.
Work through them one after the other and please paste the 3 logs that are created into your next reply.

If the OTL fix did not run through properly, do not continue; report it instead.

Step 1

Fix with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL

@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:6BFA43EB 
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:EAF954B6 
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:706B1D1A 
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:2DF54B62 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:9E76E7F3 
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:C0A9B815 
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:D055FC10 
@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:99A29126 
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:A3B8F70C 
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:43C9D140 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:59846E5E 
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:F7FFE8AF 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:639BB5E9 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:391535F9 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:F2327E82 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:884C7316 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2D3CB929 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:10873493 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:04ADB7A6 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:2ABB51D4 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D2397415 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8DD36B71 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:53BA2DF6 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:D696AA12 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A6B07419 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:5CE65446 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:571CCF8E 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:14D29229 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FD786DCA 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9812B773 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:30E0D641 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2B856118 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D987CB43 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:7EABF26C 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0ACF1AF5 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:7D288858 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:436BE28C 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C6D0ABC3 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C43C957E 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A10E88DE 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:DE892EFB 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CBAF0C30 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:B790962B 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:9CF728A6 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6EA64886 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6D192E3A 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3487C53E 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EDE28CFC 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:751D6870 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:1709732A 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:F3591DDB 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EB68CA55 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5E707762 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4EE323A4 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2E45FA8F 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:D3331ADB 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:902C848D 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0C988F7D 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F68CB1A4 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B88DC997 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:85376176 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:1E942FB9 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:1B47CB83 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:07D64CD9 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9C337CCE 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:ED2998F5 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:DCA79AB3 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8C12CFCD 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:27F44544 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:0C65EA0E 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A2B3764A 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AC20936 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:996104FC 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:60AC3BC3 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:58A2C544 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:3C6860C5 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D01ACC06 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:9D03192E 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:512336B9 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B36361EE 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:97AAB7F2 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:5F9C8A89 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3C4BD225 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0C9CD455 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D576A536 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6DDFD746 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:16A4620C 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1297FF3C 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ECC979BD 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:CAF8DAC8 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:895A78C5 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:7E4E56EA 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2D1AE3BE 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:1B3549F2 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:CD6DF7CC 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C43BFB01 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A8725EB5 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A1D3FEF0 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:89A5891E 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6FD36C4B 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6F0C95A1 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:56C66609 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0E22C5DB 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2BA92F7 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1D6C864 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:BB6ECE53 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:EF0D9BBA 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:AE2EA3C2 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:627B7F7C 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2216A431 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:217A2A36 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:CA8D6B60 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:4C49306C 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B285A50E 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:66FC2E6F 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EB4FEEF5 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C3AD9507 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:8140CB50 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:553056F1 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:32FFF2D1 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:FC2E567F 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E5BA9ADD 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:329BA65B 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:6C5EC3CD 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6677D85A 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:C9FD258B 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:0AE2C68F 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:BF6C81B2 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:5E24C78B 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1EE5EBCB 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AF54CFFD 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:FE66A7BB 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D2249B7E 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:1A4BF204 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:F2AF86D9 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:96AFAB10 
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:41289DF0 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:538A9F02 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:339562A6 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:1CE87230 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:28DB0DC4 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:1A8BB29B 
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:9E4F05ED 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:A3E39C6A 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:0778CBF2 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:D1713795 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:B91EDB04 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:9C8D5426 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:880F0FEF 
[2012.11.23 18:52:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Horst\*.tmp
C:\Users\Horst\AppData\Local\Temp\*.exe
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, in code tags.
    You can look at the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers: The OTL script above was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have the findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results".
then:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________

__________________
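The fix script in the post above lists one `@Alternate Data Stream` line per stream, and the OTL fix log in this thread reports each removal as an `ADS ... deleted successfully.` line, so the two can be cross-checked before moving on to step 2. The following is an added example, not part of the original thread and not OTL's own code: it reports every stream named in a fix script that has no matching confirmation in the fix log. The function names are hypothetical and the sample script and log are constructed; only the two line formats are taken from this thread.

```python
import re

# Line formats as they appear in this thread's fix script and fix log.
SCRIPT_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?)\s*$")
LOG_ADS_OK = re.compile(r"^ADS (.+?) deleted successfully\.\s*$")


def _key(path):
    # NTFS paths compare case-insensitively, so normalise before matching.
    return path.strip().casefold()


def script_streams(script_text):
    """Return [(stream_path, size_in_bytes)] for each ADS line, in script order."""
    entries = []
    for line in script_text.splitlines():
        m = SCRIPT_ADS.match(line.strip())
        if m:
            entries.append((m.group(2), int(m.group(1))))
    return entries


def confirmed_streams(log_text):
    """Return the set of normalised stream paths the log reports as deleted."""
    confirmed = set()
    for line in log_text.splitlines():
        m = LOG_ADS_OK.match(line.strip())
        if m:
            confirmed.add(_key(m.group(1)))
    return confirmed


def unconfirmed_streams(script_text, log_text):
    """Streams requested in the script that the log does not confirm as deleted."""
    done = confirmed_streams(log_text)
    return [path for path, _size in script_streams(script_text)
            if _key(path) not in done]


# Constructed sample input (stream names are made up, not taken from the thread).
SAMPLE_SCRIPT = r"""
:OTL
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:AAAA0001
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AAAA0002
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:AAAA0003
:Commands
[emptytemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:AAAA0001 deleted successfully.
ADS c:\programdata\temp:aaaa0002 deleted successfully.
"""

if __name__ == "__main__":
    missing = unconfirmed_streams(SAMPLE_SCRIPT, SAMPLE_LOG)
    print(f"{len(script_streams(SAMPLE_SCRIPT))} streams in script, "
          f"{len(missing)} without a deletion confirmation")
    for path in missing:
        print("  unconfirmed:", path)
```

An empty result means every requested stream has a confirmation line; any remaining entry is a reason to stop and report back, as the post asks.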

03.12.2012, 16:41   #3
kobo1337
 

Hello,
thank you very much for the quick help.
Here are the two logs:

Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:6BFA43EB deleted successfully.
ADS C:\ProgramData\Temp:EAF954B6 deleted successfully.
ADS C:\ProgramData\Temp:706B1D1A deleted successfully.
ADS C:\ProgramData\Temp:2DF54B62 deleted successfully.
ADS C:\ProgramData\Temp:9E76E7F3 deleted successfully.
ADS C:\ProgramData\Temp:C0A9B815 deleted successfully.
ADS C:\ProgramData\Temp:D055FC10 deleted successfully.
ADS C:\ProgramData\Temp:99A29126 deleted successfully.
ADS C:\ProgramData\Temp:A3B8F70C deleted successfully.
ADS C:\ProgramData\Temp:43C9D140 deleted successfully.
ADS C:\ProgramData\Temp:59846E5E deleted successfully.
ADS C:\ProgramData\Temp:F7FFE8AF deleted successfully.
ADS C:\ProgramData\Temp:639BB5E9 deleted successfully.
ADS C:\ProgramData\Temp:391535F9 deleted successfully.
ADS C:\ProgramData\Temp:F2327E82 deleted successfully.
ADS C:\ProgramData\Temp:884C7316 deleted successfully.
ADS C:\ProgramData\Temp:2D3CB929 deleted successfully.
ADS C:\ProgramData\Temp:10873493 deleted successfully.
ADS C:\ProgramData\Temp:04ADB7A6 deleted successfully.
ADS C:\ProgramData\Temp:2ABB51D4 deleted successfully.
ADS C:\ProgramData\Temp:D2397415 deleted successfully.
ADS C:\ProgramData\Temp:8DD36B71 deleted successfully.
ADS C:\ProgramData\Temp:53BA2DF6 deleted successfully.
ADS C:\ProgramData\Temp:D696AA12 deleted successfully.
ADS C:\ProgramData\Temp:A6B07419 deleted successfully.
ADS C:\ProgramData\Temp:5CE65446 deleted successfully.
ADS C:\ProgramData\Temp:571CCF8E deleted successfully.
ADS C:\ProgramData\Temp:14D29229 deleted successfully.
ADS C:\ProgramData\Temp:FD786DCA deleted successfully.
ADS C:\ProgramData\Temp:9812B773 deleted successfully.
ADS C:\ProgramData\Temp:30E0D641 deleted successfully.
ADS C:\ProgramData\Temp:2B856118 deleted successfully.
ADS C:\ProgramData\Temp:D987CB43 deleted successfully.
ADS C:\ProgramData\Temp:7EABF26C deleted successfully.
ADS C:\ProgramData\Temp:0ACF1AF5 deleted successfully.
ADS C:\ProgramData\Temp:7D288858 deleted successfully.
ADS C:\ProgramData\Temp:436BE28C deleted successfully.
ADS C:\ProgramData\Temp:C6D0ABC3 deleted successfully.
ADS C:\ProgramData\Temp:C43C957E deleted successfully.
ADS C:\ProgramData\Temp:A10E88DE deleted successfully.
ADS C:\ProgramData\Temp:DE892EFB deleted successfully.
ADS C:\ProgramData\Temp:CBAF0C30 deleted successfully.
ADS C:\ProgramData\Temp:B790962B deleted successfully.
ADS C:\ProgramData\Temp:9CF728A6 deleted successfully.
ADS C:\ProgramData\Temp:6EA64886 deleted successfully.
ADS C:\ProgramData\Temp:6D192E3A deleted successfully.
ADS C:\ProgramData\Temp:3487C53E deleted successfully.
ADS C:\ProgramData\Temp:EDE28CFC deleted successfully.
ADS C:\ProgramData\Temp:751D6870 deleted successfully.
ADS C:\ProgramData\Temp:1709732A deleted successfully.
ADS C:\ProgramData\Temp:F3591DDB deleted successfully.
ADS C:\ProgramData\Temp:EB68CA55 deleted successfully.
ADS C:\ProgramData\Temp:5E707762 deleted successfully.
ADS C:\ProgramData\Temp:4EE323A4 deleted successfully.
ADS C:\ProgramData\Temp:2E45FA8F deleted successfully.
ADS C:\ProgramData\Temp:D3331ADB deleted successfully.
ADS C:\ProgramData\Temp:902C848D deleted successfully.
ADS C:\ProgramData\Temp:5E73E1C2 deleted successfully.
ADS C:\ProgramData\Temp:0C988F7D deleted successfully.
ADS C:\ProgramData\Temp:F68CB1A4 deleted successfully.
ADS C:\ProgramData\Temp:B88DC997 deleted successfully.
ADS C:\ProgramData\Temp:85376176 deleted successfully.
ADS C:\ProgramData\Temp:1E942FB9 deleted successfully.
ADS C:\ProgramData\Temp:1B47CB83 deleted successfully.
ADS C:\ProgramData\Temp:07D64CD9 deleted successfully.
ADS C:\ProgramData\Temp:9C337CCE deleted successfully.
ADS C:\ProgramData\Temp:ED2998F5 deleted successfully.
ADS C:\ProgramData\Temp:DCA79AB3 deleted successfully.
ADS C:\ProgramData\Temp:8C12CFCD deleted successfully.
ADS C:\ProgramData\Temp:27F44544 deleted successfully.
ADS C:\ProgramData\Temp:0C65EA0E deleted successfully.
ADS C:\ProgramData\Temp:A2B3764A deleted successfully.
ADS C:\ProgramData\Temp:8AC20936 deleted successfully.
ADS C:\ProgramData\Temp:996104FC deleted successfully.
ADS C:\ProgramData\Temp:60AC3BC3 deleted successfully.
ADS C:\ProgramData\Temp:58A2C544 deleted successfully.
ADS C:\ProgramData\Temp:3C6860C5 deleted successfully.
ADS C:\ProgramData\Temp:D01ACC06 deleted successfully.
ADS C:\ProgramData\Temp:9D03192E deleted successfully.
ADS C:\ProgramData\Temp:512336B9 deleted successfully.
ADS C:\ProgramData\Temp:B36361EE deleted successfully.
ADS C:\ProgramData\Temp:97AAB7F2 deleted successfully.
ADS C:\ProgramData\Temp:5F9C8A89 deleted successfully.
ADS C:\ProgramData\Temp:3C4BD225 deleted successfully.
ADS C:\ProgramData\Temp:0C9CD455 deleted successfully.
ADS C:\ProgramData\Temp:D576A536 deleted successfully.
ADS C:\ProgramData\Temp:6DDFD746 deleted successfully.
ADS C:\ProgramData\Temp:16A4620C deleted successfully.
ADS C:\ProgramData\Temp:1297FF3C deleted successfully.
ADS C:\ProgramData\Temp:ECC979BD deleted successfully.
ADS C:\ProgramData\Temp:CAF8DAC8 deleted successfully.
ADS C:\ProgramData\Temp:895A78C5 deleted successfully.
ADS C:\ProgramData\Temp:7E4E56EA deleted successfully.
ADS C:\ProgramData\Temp:2D1AE3BE deleted successfully.
ADS C:\ProgramData\Temp:1B3549F2 deleted successfully.
ADS C:\ProgramData\Temp:CD6DF7CC deleted successfully.
ADS C:\ProgramData\Temp:C43BFB01 deleted successfully.
ADS C:\ProgramData\Temp:A8725EB5 deleted successfully.
ADS C:\ProgramData\Temp:A1D3FEF0 deleted successfully.
ADS C:\ProgramData\Temp:89A5891E deleted successfully.
ADS C:\ProgramData\Temp:6FD36C4B deleted successfully.
ADS C:\ProgramData\Temp:6F0C95A1 deleted successfully.
ADS C:\ProgramData\Temp:56C66609 deleted successfully.
ADS C:\ProgramData\Temp:0E22C5DB deleted successfully.
ADS C:\ProgramData\Temp:F2BA92F7 deleted successfully.
ADS C:\ProgramData\Temp:E1D6C864 deleted successfully.
ADS C:\ProgramData\Temp:BB6ECE53 deleted successfully.
ADS C:\ProgramData\Temp:EF0D9BBA deleted successfully.
ADS C:\ProgramData\Temp:AE2EA3C2 deleted successfully.
ADS C:\ProgramData\Temp:627B7F7C deleted successfully.
ADS C:\ProgramData\Temp:2216A431 deleted successfully.
ADS C:\ProgramData\Temp:217A2A36 deleted successfully.
ADS C:\ProgramData\Temp:CA8D6B60 deleted successfully.
ADS C:\ProgramData\Temp:4C49306C deleted successfully.
ADS C:\ProgramData\Temp:B285A50E deleted successfully.
ADS C:\ProgramData\Temp:66FC2E6F deleted successfully.
ADS C:\ProgramData\Temp:EB4FEEF5 deleted successfully.
ADS C:\ProgramData\Temp:C3AD9507 deleted successfully.
ADS C:\ProgramData\Temp:8140CB50 deleted successfully.
ADS C:\ProgramData\Temp:553056F1 deleted successfully.
ADS C:\ProgramData\Temp:32FFF2D1 deleted successfully.
ADS C:\ProgramData\Temp:FC2E567F deleted successfully.
ADS C:\ProgramData\Temp:E5BA9ADD deleted successfully.
ADS C:\ProgramData\Temp:329BA65B deleted successfully.
ADS C:\ProgramData\Temp:6C5EC3CD deleted successfully.
ADS C:\ProgramData\Temp:6677D85A deleted successfully.
ADS C:\ProgramData\Temp:C9FD258B deleted successfully.
ADS C:\ProgramData\Temp:0AE2C68F deleted successfully.
ADS C:\ProgramData\Temp:BF6C81B2 deleted successfully.
ADS C:\ProgramData\Temp:5E24C78B deleted successfully.
ADS C:\ProgramData\Temp:1EE5EBCB deleted successfully.
ADS C:\ProgramData\Temp:AF54CFFD deleted successfully.
ADS C:\ProgramData\Temp:FE66A7BB deleted successfully.
ADS C:\ProgramData\Temp:D2249B7E deleted successfully.
ADS C:\ProgramData\Temp:1A4BF204 deleted successfully.
ADS C:\ProgramData\Temp:F2AF86D9 deleted successfully.
ADS C:\ProgramData\Temp:96AFAB10 deleted successfully.
ADS C:\ProgramData\Temp:41289DF0 deleted successfully.
ADS C:\ProgramData\Temp:538A9F02 deleted successfully.
ADS C:\ProgramData\Temp:339562A6 deleted successfully.
ADS C:\ProgramData\Temp:1CE87230 deleted successfully.
ADS C:\ProgramData\Temp:28DB0DC4 deleted successfully.
ADS C:\ProgramData\Temp:1A8BB29B deleted successfully.
ADS C:\ProgramData\Temp:9E4F05ED deleted successfully.
ADS C:\ProgramData\Temp:A3E39C6A deleted successfully.
ADS C:\ProgramData\Temp:0778CBF2 deleted successfully.
ADS C:\ProgramData\Temp:D1713795 deleted successfully.
ADS C:\ProgramData\Temp:B91EDB04 deleted successfully.
ADS C:\ProgramData\Temp:9C8D5426 deleted successfully.
ADS C:\ProgramData\Temp:880F0FEF deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\Horst\*.tmp not found.
C:\Users\Horst\AppData\Local\Temp\APNStub.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\firefoxjre_exe-2.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\HPQSi.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\InstallFlashPlayer.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\MSNF46E.exe moved successfully.
C:\Users\Horst\AppData\Local\Temp\uninstall.exe moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Horst\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Horst\Desktop\cmd.bat deleted successfully.
C:\Users\Horst\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Horst
->Temp folder emptied: 1010416493 bytes
->Temporary Internet Files folder emptied: 236166415 bytes
->FireFox cache emptied: 1162781120 bytes
->Flash cache emptied: 145173 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 284114161 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 497158004 bytes
 
Total Files Cleaned = 3.043,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12032012_142654

Files\Folders moved on Reboot...
C:\Users\Horst\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
# AdwCleaner v2.011 - Datei am 03/12/2012 um 16:35:59 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Horst - HORST-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Horst\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Trymedia

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0 (de)

Profilname : default 
Datei : C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\jv3q9ptg.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[S1].txt - [1064 octets] - [03/12/2012 16:35:59]

########## EOF - C:\AdwCleaner[S1].txt - [1124 octets] ##########
         
__________________

04.12.2012, 20:16   #4
t'john
/// Helper Team

Please post the Malwarebytes log file!
(Logs tab)
__________________
Regards, t'john

19.01.2013, 16:46   #5
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.

__________________
Regards, t'john
