Log analysis and evaluation: GVU Trojan on Windows Vista computer

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
31.01.2013, 18:03 | #1 |
GVU Trojan on Windows Vista computer

Hello, I have a GVU Trojan on my computer. I use Windows Vista as the operating system and am logged on to the computer with admin rights, so the "safe mode" tip does not work. I scanned my computer with OTL.

OTL logfile:
Code:
OTL logfile created on: 1/31/2013 5:38:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 25.66 Gb Free Space | 21.83% Space Free | Partition Type: NTFS
Drive D: | 113.88 Gb Total Space | 0.21 Gb Free Space | 0.19% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/01/22 13:56:06 | 000,945,328 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/14 00:03:52 | 000,587,912 | ---- | M] (Crawler.com) [Auto] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012/12/25 03:53:30 | 002,547,816 | ---- | M] () [Auto] -- C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/31 20:12:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance 
Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012/05/08 15:06:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/08 15:06:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/05/12 10:26:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2011/05/12 10:26:43 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/31 09:08:14 | 000,080,896 | ---- | M] () [Auto] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010/03/29 10:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer) SRV - [2008/08/25 02:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv) SRV - [2008/07/18 13:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008/06/20 09:53:56 | 000,129,144 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery) SRV - [2008/06/20 08:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2008/06/18 09:57:40 | 000,192,112 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder) SRV - [2008/06/17 10:38:28 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2008/06/17 10:38:16 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync) SRV - [2008/06/17 10:38:08 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Windows\System32\lkads.exe -- (lkClassAds) SRV - [2008/06/17 09:21:50 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
[Auto] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer) SRV - [2008/06/12 11:12:40 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2008/04/24 03:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008/04/17 02:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008/04/16 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008/04/11 04:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008/04/02 09:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/18 08:17:42 | 000,204,800 | ---- | M] () [Auto] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater) SRV - [2008/01/17 09:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/12/03 10:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007/11/21 10:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007/11/06 08:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) [Auto] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc) SRV - [2007/05/09 08:34:34 | 000,098,304 | ---- | 
M] (OPC Foundation) [On_Demand] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum) SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash) SRV - [2006/08/23 09:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005/11/17 07:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005/09/23 00:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (vpnva) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand] -- -- (pccsmcfd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2013/01/22 13:56:06 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012/08/24 08:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/07/25 20:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/05/08 15:06:49 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/08 15:06:49 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/18 21:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/01/30 21:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 06:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 06:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 06:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 06:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011/09/16 10:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/06/21 05:24:06 | 000,032,768 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2010/11/23 13:29:18 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010/06/23 03:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/01/27 12:56:48 | 000,054,016 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\hcw17bda.sys -- (hcw17bda) DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/06/09 17:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009/03/29 20:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2009/02/09 02:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/02/09 02:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/02/09 02:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009/02/09 02:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008/07/18 11:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008/07/15 12:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2008/06/20 10:54:16 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NiViPxiKl.sys -- (NiViPxiK) DRV - [2008/06/20 10:54:16 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NiViPciKl.sys -- (NiViPciK) DRV - [2008/06/20 09:04:48 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NiViFWKl.sys -- (NiViFWK) DRV - [2008/06/19 23:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008/06/13 08:51:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nidimkl.sys -- (nidimk) DRV - [2008/06/13 08:48:32 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\niorbkl.sys -- (niorbk) DRV - [2008/06/13 02:27:46 | 000,586,328 | ---- | M] (National Instruments Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nipalk.sys -- (NIPALK) DRV - [2008/06/13 02:27:46 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nipalusbedl.sys -- (nipalusbedl) DRV - [2008/06/13 02:27:44 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nipalfwedl.sys -- (nipalfwedl) DRV - [2008/04/27 17:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008/04/23 10:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008/04/17 02:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008/04/14 21:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008/04/07 03:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2008/03/29 10:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008/03/19 04:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008/03/04 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007/10/18 07:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007/10/16 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/07/10 13:08:14 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nipbcfk.sys -- (nipbcfk) DRV - [2007/04/24 10:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver) DRV - [2007/04/09 10:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem) DRV - [2007/01/18 10:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/10/23 09:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006/10/18 04:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Markus_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110231&tt=0213_1&babsrc=HP_ss&mntrId=56c3ba570000000000000022fae24d50 IE - HKU\Markus_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKU\Markus_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Markus_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Markus_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found IE - HKU\Markus_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web 
Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid={827DC1AE-4F31-4E22-88D1-99F9E142D0DD}&mid=f12871906b9b47d19cc863ac451d1aa4-b608703012e6471492d31b6e7275dd76f4a62b50&lang=de&ds=AVG&pr=fr&d=2013-01-22 19:56:21&pid=avg&sg=&v=14.0.0.14&sap=ku&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 11:13:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.0.14 [2013/01/22 13:56:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/31 20:12:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/31 20:11:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/14 08:31:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/01/09 13:55:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/31 20:12:13 | 
000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/31 20:11:55 | 000,000,000 | ---D | M] [2009/10/27 17:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions [2013/01/20 08:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\extensions [2012/10/10 17:30:54 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010/04/28 12:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/01/09 11:19:01 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013/01/20 08:20:08 | 000,000,911 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\searchplugins\11-suche.xml [2012/12/31 14:09:50 | 000,000,931 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\searchplugins\conduit.xml [2010/11/23 13:35:41 | 000,002,921 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\searchplugins\daemon-search.xml [2013/01/20 08:20:08 | 000,002,273 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\searchplugins\englische-ergebnisse.xml [2013/01/20 08:20:08 | 000,010,563 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\searchplugins\gmx-suche.xml [2013/01/20 08:20:08 | 000,002,432 | ---- | M] () -- 
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\searchplugins\lastminute.xml [2013/01/20 08:20:08 | 000,005,545 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\m60o80n9.default\searchplugins\webde-suche.xml [2012/10/31 20:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/10/31 20:11:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/10/31 20:11:43 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2012/10/31 20:11:24 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2012/10/31 20:11:25 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012/10/31 20:11:25 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2012/10/31 20:11:27 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com File not found (No name found) -- [2013/01/09 13:55:38 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1040.25\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION () (No name found) -- C:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M60O80N9.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI () (No name found) -- C:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M60O80N9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012/10/31 20:12:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/10/14 10:21:24 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) 
-- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2012/02/15 08:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012/02/19 08:50:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/01/22 13:56:26 | 000,003,598 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2013/01/09 13:55:21 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/09/09 15:52:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/19 08:50:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/19 08:50:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/19 08:50:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/19 08:50:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKU\Markus_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) 
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments) O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe () O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [SearchSettings] File not found O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SMSTray] File not found O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) 
O4 - HKU\Markus_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\Markus_ON_C..\Run: [maoq.exe] File not found O4 - HKU\Markus_ON_C..\Run: [TOSCDSPD] File not found O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1404b2c416da.dat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKU\Markus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Markus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\Markus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll () O20 - AppInit_DLLs: (c:\progra~2\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Markus_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Markus_ON_C Winlogon: Shell - (C:\Users\Markus\AppData\Roaming\skype.dat) - C:\Users\Markus\AppData\Roaming\skype.dat () O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{120be9ca-46ed-11df-b0c7-00238bce07f7}\Shell\AutoRun\command - "" = /RAR/RAR-archiv.bat O33 - MountPoints2\{541ed39c-fd57-11df-becf-00238bce07f7}\Shell - "" = AutoRun O33 - MountPoints2\{541ed39c-fd57-11df-becf-00238bce07f7}\Shell\AutoRun\command - "" = H:\setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/01/29 22:35:05 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2013/01/29 22:35:01 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/28 21:47:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/01/27 20:25:07 | 000,000,000 | -HSD | C] -- C:\found.000 [2013/01/22 13:56:35 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\AVG Secure Search [2013/01/22 13:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar [2013/01/22 13:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2013/01/22 13:56:18 | 000,031,576 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013/01/22 13:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2013/01/22 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2013/01/22 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign [2013/01/14 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Spyware Terminator [2013/01/14 15:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013/01/14 15:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013/01/14 15:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2013/01/09 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013/01/09 13:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013/01/09 13:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013/01/09 13:55:03 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Babylon [2013/01/09 13:55:03 | 000,000,000 | 
---D | C] -- C:\ProgramData\Babylon [2013/01/09 09:29:19 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/09 09:28:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/01/08 21:12:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/01/08 21:12:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/01/08 21:12:46 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2013/01/08 21:12:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/01/08 21:12:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/01/08 21:12:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/01/08 21:12:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/01/08 21:12:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2013/01/08 21:12:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/01/08 21:12:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/01/08 21:08:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2013/01/08 21:08:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2013/01/08 21:08:03 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2013/01/08 21:08:03 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2013/01/08 21:08:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2013/01/08 21:08:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2013/01/08 21:01:51 | 000,293,376 | ---- | C] 
(Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013/01/08 21:01:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013/01/08 11:55:32 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2013/01/08 11:55:32 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2013/01/08 11:55:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/01/08 11:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/01/08 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013/01/30 14:53:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/30 14:52:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/30 14:52:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/30 14:52:35 | 000,000,004 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\skype.ini [2013/01/30 14:45:25 | 3050,168,320 | -HS- | M] () -- C:\hiberfil.sys [2013/01/26 15:46:42 | 107,819,834 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2013/01/22 15:32:38 | 000,700,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/22 15:32:37 | 000,740,322 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/01/22 15:32:37 | 000,170,048 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/01/22 15:32:37 | 000,144,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/22 14:55:30 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job [2013/01/22 13:56:06 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013/01/20 08:21:50 | 000,002,655 | ---- | M] () -- 
C:\Users\Markus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2013/01/16 12:06:04 | 000,020,720 | ---- | M] () -- C:\Users\Markus\Desktop\getgoods.de - günstige Smartphones - Tablet PCs - Haushaltsgeräte, Zubehör und vieles mehr.pdf [2013/01/14 15:09:53 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013/01/14 15:09:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013/01/11 20:38:45 | 000,475,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/09 13:55:18 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013/01/09 13:55:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013/01/08 11:42:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/01/08 11:42:37 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2013/01/29 14:42:22 | 3050,168,320 | -HS- | C] () -- C:\hiberfil.sys [2013/01/25 16:37:28 | 000,000,004 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\skype.ini [2013/01/22 13:51:30 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job [2013/01/16 12:06:03 | 000,020,720 | ---- | C] () -- C:\Users\Markus\Desktop\getgoods.de - günstige Smartphones - Tablet PCs - Haushaltsgeräte, Zubehör und vieles mehr.pdf [2013/01/14 15:10:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2013/01/14 15:09:53 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013/01/09 13:55:18 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013/01/08 21:08:20 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013/01/08 21:08:20 | 000,000,003 | ---- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/17 18:41:43 | 000,000,047 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\msconfig.ini [2012/08/11 17:53:42 | 000,000,051 | ---- | C] () -- C:\ProgramData\amkwnhkkbqwluml [2012/07/24 16:21:44 | 000,000,051 | ---- | C] () -- C:\ProgramData\vwczkojxvzzgrxe [2012/03/20 15:06:26 | 000,000,036 | ---- | C] () -- C:\Users\Markus\AppData\Local\housecall.guid.cache [2012/03/20 15:01:14 | 000,000,680 | ---- | C] () -- C:\Users\Markus\AppData\Local\d3d9caps.dat [2012/01/10 21:05:32 | 000,070,503 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\msconfig.dat.vir [2012/01/10 21:05:32 | 000,047,104 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\skype.dat [2011/11/02 16:19:24 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJ7J_L.DLL [2011/05/13 14:00:33 | 000,015,872 | R--- | C] () -- C:\Windows\System32\ibfs32.dll [2011/05/12 10:27:19 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2010/10/14 14:36:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/07/09 17:47:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010/07/09 17:47:21 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010/07/09 17:46:42 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2010/07/09 17:24:25 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini [2010/07/09 17:22:35 | 000,006,456 | ---- | C] () -- C:\Windows\HCWPNP.INI [2010/04/06 16:42:55 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI [2010/04/02 07:18:17 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI [2010/01/29 11:52:02 | 000,000,116 | ---- | C] () -- C:\Windows\GPM2MICP.INI [2010/01/27 19:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/12/18 08:06:41 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll [2009/12/18 08:06:41 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll [2009/12/18 08:06:41 | 000,020,480 | ---- | C] () -- 
C:\Windows\System32\maplecompat.dll [2009/12/15 11:29:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009/12/03 17:42:22 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009/10/31 04:39:20 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009/10/31 04:39:15 | 000,000,016 | -H-- | C] () -- C:\Users\Markus\AppData\Roaming\mxfilerelatedcache.mxc2 [2009/10/31 04:39:15 | 000,000,016 | -H-- | C] () -- C:\Users\Markus\AppData\mxfilerelatedcache.mxc2 [2009/10/31 04:39:15 | 000,000,016 | -H-- | C] () -- C:\Users\Markus\AppData\Local\mxfilerelatedcache.mxc2 [2009/10/22 16:51:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/10/22 16:51:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/10/22 16:51:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/10/14 13:24:46 | 000,059,392 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/13 14:01:48 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\wklnhst.dat [2009/05/29 18:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/05/29 18:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008/08/06 04:36:52 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008/08/06 04:04:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008/08/06 03:48:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/08/06 03:48:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/08/06 03:48:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008/08/06 03:48:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/08/06 03:48:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/08/06 03:48:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008/08/06 03:30:34 
| 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008/08/06 03:30:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008/08/06 03:30:34 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008/08/06 03:30:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008/08/06 03:28:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/08/06 03:25:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008/08/06 03:25:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008/08/06 03:25:29 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2008/08/06 03:25:28 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008/08/06 03:25:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2008/06/13 08:47:30 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini [2008/06/13 02:26:08 | 000,003,520 | ---- | C] () -- C:\Windows\System32\nipalpg.dll [2008/04/17 02:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008/04/07 03:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys [2008/01/21 02:15:58 | 000,740,322 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 02:15:58 | 000,170,048 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/12/21 09:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2007/08/21 12:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll [2007/02/05 12:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,475,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | 
---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,700,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,144,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005/07/22 14:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2002/05/04 08:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll [1999/07/07 10:01:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\davedec.dll ========== LOP Check ========== [2012/03/20 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AVG2012 [2013/01/09 13:55:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Babylon [2011/02/12 16:02:37 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\BSplayer [2010/04/28 12:36:55 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\BSplayer Pro [2010/11/23 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools [2010/11/16 15:47:50 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DassaultSystemes [2010/04/06 16:26:49 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DataCast [2010/05/05 15:51:05 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Dev-Cpp [2012/10/31 20:27:15 | 000,000,000 | ---D | M] -- 
C:\Users\Markus\AppData\Roaming\DVDVideoSoft [2011/06/08 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers [2011/06/30 13:32:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DWGeditor [2010/04/09 07:12:44 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\FileOpen [2011/10/11 15:00:05 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Haeq [2011/07/11 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HTC [2011/07/11 17:06:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2010/05/12 14:36:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICAClient [2010/05/20 14:54:31 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\IrfanView [2011/10/11 18:47:11 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Itsum [2012/11/09 16:10:31 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\loadtbs [2010/06/06 15:46:58 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mathegrafix [2013/01/09 14:11:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\MyPhoneExplorer [2009/11/15 18:34:48 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\myphotobook [2010/09/28 15:44:24 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Nokia [2012/10/31 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenCandy [2013/01/09 13:43:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Outlook [2009/11/09 16:01:45 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite [2012/08/13 16:08:32 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\pdfforge [2012/03/16 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Petroglyph [2012/03/20 15:03:06 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\QuickStoresToolbar [2009/12/03 17:54:59 | 000,000,000 | ---D | M] -- 
C:\Users\Markus\AppData\Roaming\Scan2PDF [2009/12/03 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ScanSoft [2013/01/14 15:10:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Spyware Terminator [2012/10/14 08:33:16 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird [2010/04/16 06:54:36 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Toshiba [2012/10/31 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TuneUp Software [2009/11/07 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Ulead Systems [2010/04/09 13:34:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\VistaCodecs [2009/10/13 13:29:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/07/23 12:35:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software [2013/01/22 13:53:01 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG January 2013 Campaign [2013/01/22 13:56:27 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Secure Search [2013/01/22 13:56:28 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Security Toolbar [2012/03/20 15:33:02 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012 [2013/01/09 13:55:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2013/01/09 13:55:36 | 000,000,000 | ---D | M] -- C:\ProgramData\BrowserProtect [2009/10/19 16:08:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2011/02/12 16:04:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco [2012/01/02 16:27:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2010/11/23 15:27:37 | 000,000,000 | ---D | M] -- C:\ProgramData\DassaultSystemes [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2009/10/13 13:29:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2009/10/13 13:29:13 | 000,000,000 | 
-HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2010/04/09 07:12:43 | 000,000,000 | ---D | M] -- C:\ProgramData\FileOpen [2011/11/06 11:00:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios [2009/11/09 15:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations [2009/10/16 12:08:38 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage [2009/10/16 15:24:24 | 000,000,000 | ---D | M] -- C:\ProgramData\IVI Foundation [2010/11/03 16:57:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Linksys [2012/11/09 16:11:21 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2013/01/26 15:47:58 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2009/10/17 13:11:39 | 000,000,000 | ---D | M] -- C:\ProgramData\National Instruments [2011/05/05 13:27:13 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2010/06/25 15:51:03 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft [2012/09/22 09:31:58 | 000,000,000 | ---D | M] -- C:\ProgramData\segivjlsdiqbsww [2013/01/21 12:19:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Spyware Terminator [2009/12/03 17:42:23 | 000,000,000 | ---D | M] -- C:\ProgramData\SSScanAppDataDir [2009/12/03 17:42:23 | 000,000,000 | ---D | M] -- C:\ProgramData\SSScanWizard [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2009/10/13 13:29:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2010/11/19 16:13:16 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2009/10/13 12:34:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba [2009/10/13 13:34:02 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope [2012/10/31 20:27:54 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2008/08/06 03:47:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2010/04/09 13:34:17 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs [2009/10/13 13:29:13 | 
000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/04/21 18:54:29 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2012/09/22 09:36:57 | 000,000,000 | ---D | M] -- C:\ProgramData\zcetocmxdjvkhdz [2008/08/06 04:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2012/10/31 20:27:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/01/22 14:55:30 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\ROC_REG_JAN_DELETE.job [2013/01/30 14:52:46 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Can you please help me remove the GVU Trojan? Thanks. Best regards |
31.01.2013, 18:14 | #2 |
/// Malware-holic | GVU Trojan on Windows Vista computer
Hi
__________________
This script and any scripts that follow are intended only for the respective user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1404b2c416da.dat ()
O20 - HKU\Markus_ON_C Winlogon: Shell - (C:\Users\Markus\AppData\Roaming\skype.dat) - C:\Users\Markus\AppData\Roaming\skype.dat ()
:Files
C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1404b2c416da.dat
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents here into your next reply.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
__________________ |
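The fix script above targets two autostart entries from the posted log: the Startup-folder item and the per-user Winlogon Shell override. As an added example (not part of the thread, and not OTL's or the helper's own logic), the following Python triage applies two assumed heuristics to OTL-style `O4 - Startup` and `O20 - Winlogon: Shell` lines; the rule names and allow-lists are assumptions chosen for illustration.

```python
import ntpath
import re

# Sample input: entries copied from the OTL log in this thread, one per line.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Markus_ON_C..\Run: [maoq.exe] File not found
O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1404b2c416da.dat ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Markus_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Markus_ON_C Winlogon: Shell - (C:\Users\Markus\AppData\Roaming\skype.dat) - C:\Users\Markus\AppData\Roaming\skype.dat ()
"""

# "O20 - <hive> Winlogon: Shell - (<registry value>) - <resolved path> (<company>)"
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.*?)\) - "
    r"(?P<path>.*) \((?P<company>[^()]*)\)$"
)
# "O4 - Startup: <path> (<company>)"
STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<path>.*) \((?P<company>[^()]*)\)$"
)

# Assumption: the only Shell values treated as expected on a stock system.
EXPECTED_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}
# Assumption: file types normally found in a Startup folder.
USUAL_STARTUP_EXT = {".lnk", ".ini"}


def triage(log_text):
    """Return findings for Shell overrides and odd Startup-folder items."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = SHELL_RE.match(line)
        if m:
            # Rule 1: Winlogon Shell replaced by something other than Explorer.
            if m["value"].strip().lower() not in EXPECTED_SHELLS:
                findings.append({
                    "rule": "winlogon-shell-override",
                    "hive": m["hive"],
                    "target": m["path"],
                    "company": m["company"].strip(),
                })
            continue

        m = STARTUP_RE.match(line)
        if m:
            # Rule 2: Startup item that is not a shortcut and has no
            # company name in its version information (empty parentheses).
            ext = ntpath.splitext(m["path"])[1].lower()
            if ext not in USUAL_STARTUP_EXT and not m["company"].strip():
                findings.append({
                    "rule": "startup-non-shortcut",
                    "hive": None,
                    "target": m["path"],
                    "company": "",
                })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["rule"], "->", finding["target"])
```

Run entries (`O4 - ...\Run`) and "File not found" orphans are deliberately left unflagged here, matching the scope of the two lines in the fix script.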