Log analysis and evaluation: GVU Trojan Windows Vista Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
GVU Trojan Windows Vista

Good evening, I have apparently caught the GVU Trojan. A system restore via a restore point does not work. I downloaded OTL.exe in safe mode and ran it. I am attaching the two log files it created here. What do I need to do now? Can someone help me? Thanks a lot in advance! Die Liese.

OTL logfile created on: 16.05.2013 21:51:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LinNancyUwe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,52% Memory free
2,39 Gb Paging File | 1,96 Gb Available in Paging File | 81,75% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,77 Gb Total Space | 0,23 Gb Free Space | 0,34% Space Free | Partition Type: NTFS
Drive D: | 68,56 Gb Total Space | 56,62 Gb Free Space | 82,59% Space Free | Partition Type: NTFS
Computer Name: LINNANCYUWE-PC | User Name: LinNancyUwe | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\LinNancyUwe\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV - (Winmgmt) -- C:\Users\LINNAN~1\AppData\Local\Temp\MVbCn7d.exe File not found SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found SRV - (SProtection) -- C:\Programme\Common Files\Umbrella\umbrella.exe (Iminent) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TelevisionFanaticService) -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe () SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (aawservice) -- C:\Programme\Ad-Aware\aawservice.exe (Lavasoft) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( ) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = about:blank IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.) 
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119528&babsrc=SP_ss&mntrId=90510165000000000000001fe1a5795e IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{52BF31C9-3282-4A5C-A778-28443656EA0F}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{7E3E102D-8AA1-41B1-AC7C-727676868C44}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{81CE708B-5104-4C62-B333-94B417473B29}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms} IE - 
HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{CF6AF45C-94AA-4FD5-9893-63A0F7BC7BC8}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8D5gul0x&i=26 IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{E9F4F12C-21E9-477E-9EC7-6A1CBD2D4FA8}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms} IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "My Web Search" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "My Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://home.mywebsearch.com/index.jhtml?ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw" FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF 
- prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&ind=2013050121&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw&searchfor=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\LinNancyUwe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.14 20:44:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.18 10:51:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.18 10:51:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.11 05:26:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.11 05:26:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin [2013.04.30 21:48:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.21 22:05:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.14 20:44:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: 
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.10 19:13:23 | 000,000,000 | ---D | M] [2010.05.02 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Extensions [2010.05.02 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.05.01 21:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Firefox\Profiles\czto7yrt.default\extensions [2013.04.30 21:42:40 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com [2013.03.17 17:56:03 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.03.17 17:37:30 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013.04.30 21:48:30 | 000,009,631 | ---- | M] () -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\searchplugins\my-web-search.xml [2013.03.17 14:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.21 22:05:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.) 
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File not found O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Programme\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Programme\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [905101ca] rundll32.exe "C:\Users\LINNAN~1\AppData\Local\Temp\jlxdxwja.dll",b File not found O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [cmds] rundll32.exe C:\Users\LINNAN~1\AppData\Local\Temp\pmnmjJYr.dll,c File not found O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [ctfmon.exe] C:\ProgramData\rlofoa.dat (Microsoft Corporation) O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [EWABQAF7KL] C:\Users\LinNancyUwe\AppData\Local\Temp\Bbu.exe File not found O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [Hyycu] C:\Users\LinNancyUwe\AppData\Roaming\Ydyn\xuuq.exe File not found O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [MSServer] rundll32.exe C:\Users\LINNAN~1\AppData\Local\Temp\xxyYOiIB.dll,#1 
File not found O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [UBC5AB1IDP] C:\Users\LINNAN~1\AppData\Local\Temp\Bbz.exe File not found O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SPUpdSentinel] C:\Program Files\Common Files\Umbrella\umbrella_bkp.exe (Iminent) O4 - Startup: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - 
%SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not 
found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45741D7D-8C6C-48E5-9E37-D729D5B459CC}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC2C1E82-C41A-4C02-A68C-D91BF5A0EBB3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6178BEA-00B2-4DA0-8444-52FBB445F204}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5f0c5a6c-f259-11df-ad3c-001eec502328}\Shell - "" = AutoRun O33 - MountPoints2\{5f0c5a6c-f259-11df-ad3c-001eec502328}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Vertriebsportal.exe O33 - MountPoints2\{f2f7b056-7f95-11dd-a024-8cf8afea5608}\Shell - "" = AutoRun O33 - MountPoints2\{f2f7b056-7f95-11dd-a024-8cf8afea5608}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 04:26:19 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rlofoa.dat [2013.05.15 04:26:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.05.15 01:07:49 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.05.13 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dtp [2013.05.09 20:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java 
[2013.05.09 20:43:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.09 20:43:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.09 20:43:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.02 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com [2013.04.30 21:48:31 | 000,000,000 | ---D | C] -- C:\Users\LinNancyUwe\AppData\Local\TelevisionFanatic [2013.04.30 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanatic [2 C:\Users\LinNancyUwe\Documents\*.tmp files -> C:\Users\LinNancyUwe\Documents\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.16 21:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.16 21:10:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\aofolr.pad [2013.05.16 20:49:50 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.16 20:49:50 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2013.05.16 20:49:46 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2013.05.16 20:49:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.16 20:49:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 18:20:04 | 000,344,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 16:48:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.15 16:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.15 
04:52:15 | 000,002,634 | ---- | M] () -- C:\ProgramData\aofolr.js [2013.05.15 04:26:19 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rlofoa.dat [2013.05.15 04:26:19 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.05.15 01:08:01 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 01:08:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.15 01:07:50 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.05.11 20:52:39 | 000,135,168 | ---- | M] () -- C:\Users\LinNancyUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.08 07:13:22 | 000,019,074 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-08.hrf [2013.05.03 21:38:35 | 000,018,275 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-03.hrf [2013.05.02 22:03:18 | 000,000,663 | ---- | M] () -- C:\Users\LinNancyUwe\Desktop\FTDownloader.lnk [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.05.01 12:33:29 | 000,018,919 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-01.hrf [2013.04.26 18:17:37 | 000,018,701 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-26.hrf [2013.04.24 18:04:50 | 000,018,878 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-24.hrf [2013.04.19 21:43:38 | 000,018,709 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-19.hrf [2 C:\Users\LinNancyUwe\Documents\*.tmp files -> C:\Users\LinNancyUwe\Documents\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.15 04:52:03 | 000,002,634 | ---- | C] () -- C:\ProgramData\aofolr.js [2013.05.15 04:26:28 | 095,023,320 | ---- | C] () -- C:\ProgramData\aofolr.pad [2013.05.08 07:13:22 | 000,019,074 | ---- | C] () -- 
C:\Users\LinNancyUwe\2013-05-08.hrf [2013.05.03 21:38:35 | 000,018,275 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-03.hrf [2013.05.02 22:03:18 | 000,000,663 | ---- | C] () -- C:\Users\LinNancyUwe\Desktop\FTDownloader.lnk [2013.05.01 12:33:29 | 000,018,919 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-01.hrf [2013.04.26 18:17:37 | 000,018,701 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-26.hrf [2013.04.24 18:04:50 | 000,018,878 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-24.hrf [2013.04.19 21:43:38 | 000,018,709 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-19.hrf [2013.04.16 17:24:06 | 000,018,709 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-16.hrf [2013.04.13 09:25:36 | 000,018,684 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-13.hrf [2013.04.09 19:06:53 | 000,018,688 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-09.hrf [2013.04.05 19:00:17 | 000,018,865 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-05.hrf [2013.04.02 17:59:43 | 000,018,867 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-02.hrf [2013.03.29 08:52:06 | 000,018,690 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-29.hrf [2013.03.26 17:46:05 | 000,018,688 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-26.hrf [2013.03.24 13:50:56 | 000,018,687 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-24.hrf [2013.03.23 11:27:59 | 000,018,867 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-23.hrf [2013.03.20 05:28:29 | 000,018,652 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-20.hrf [2013.03.15 22:18:48 | 000,018,136 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-15.hrf [2013.03.12 18:33:44 | 000,018,132 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-12.hrf [2013.03.11 05:28:18 | 001,008,496 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2013.03.11 05:28:18 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2013.03.09 10:32:48 | 000,018,125 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-09.hrf [2013.03.05 21:23:05 | 000,018,313 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-05.hrf 
[2013.03.01 19:35:46 | 000,018,309 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-01.hrf [2013.02.26 21:14:29 | 000,018,135 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-26.hrf [2013.02.22 19:53:13 | 000,018,146 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-22.hrf [2013.02.19 19:40:10 | 000,018,148 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-19.hrf [2013.02.14 20:55:34 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2013.02.07 05:39:25 | 000,948,708 | ---- | C] () -- C:\ProgramData\d7nCbVM.pad [2012.09.29 10:58:27 | 000,178,710 | ---- | C] () -- C:\Windows\hpoins27.dat.temp [2012.09.29 10:58:27 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp [2012.05.20 21:36:19 | 000,000,000 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\MafiaSetup.exe [2012.05.20 21:23:54 | 000,002,140 | ---- | C] () -- C:\Users\LinNancyUwe\steuernancy.elfo [2012.05.20 21:22:35 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-05-04.hrf [2012.05.20 21:22:35 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-24.hrf [2012.05.20 21:22:35 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-27.hrf [2012.05.20 21:22:35 | 000,015,608 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-09.hrf [2012.05.20 21:22:35 | 000,015,604 | ---- | C] () -- C:\Users\LinNancyUwe\2012-05-02.hrf [2012.05.20 21:22:35 | 000,015,600 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-02.hrf [2012.05.20 21:22:35 | 000,015,598 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-13.hrf [2012.05.20 21:22:35 | 000,015,597 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-17.hrf [2012.05.20 21:22:35 | 000,015,596 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-26.hrf [2012.05.20 21:22:35 | 000,015,581 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-23.hrf [2012.05.20 21:22:35 | 000,000,020 | ---- | C] () -- C:\Users\LinNancyUwe\ho.dir [2012.05.20 21:22:34 | 000,016,094 | ---- | C] () -- C:\Users\LinNancyUwe\2011-11-30.hrf [2012.05.20 21:22:34 | 000,016,091 | ---- | C] () -- 
C:\Users\LinNancyUwe\2011-12-02.hrf [2012.05.20 21:22:34 | 000,016,025 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-13.hrf [2012.05.20 21:22:34 | 000,015,627 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-16.hrf [2012.05.20 21:22:34 | 000,015,622 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-30.hrf [2012.05.20 21:22:34 | 000,015,622 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-27.hrf [2012.05.20 21:22:34 | 000,015,621 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-06.hrf [2012.05.20 21:22:34 | 000,015,619 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-23.hrf [2012.05.20 21:22:34 | 000,015,618 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-20.hrf [2012.05.20 21:22:34 | 000,015,615 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-10.hrf [2012.05.20 21:22:34 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-10.hrf [2012.05.20 21:22:34 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-13.hrf [2012.05.20 21:22:34 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-12.hrf [2012.05.20 21:22:34 | 000,015,608 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-17.hrf [2012.05.20 21:22:34 | 000,015,604 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-03.hrf [2012.05.20 21:22:34 | 000,015,602 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-31.hrf [2012.05.20 21:22:34 | 000,015,600 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-03.hrf [2012.05.20 21:22:34 | 000,015,599 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-27.hrf [2012.05.20 21:22:34 | 000,015,595 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-20.hrf [2012.05.20 21:22:34 | 000,015,593 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-06.hrf [2012.05.20 21:22:34 | 000,015,590 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-07.hrf [2012.05.20 21:22:34 | 000,015,590 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-23.hrf [2012.05.20 21:22:34 | 000,015,581 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-05.hrf [2012.05.20 21:22:34 | 000,015,580 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-16.hrf 
[2012.05.20 21:22:34 | 000,015,578 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-19.hrf [2012.05.20 21:22:34 | 000,015,578 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-12.hrf [2012.05.20 21:22:34 | 000,015,573 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-20.hrf [2012.05.20 21:22:34 | 000,015,572 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-02.hrf [2012.05.20 21:22:34 | 000,015,571 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-09.hrf [2012.05.20 21:22:34 | 000,015,571 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-28.hrf [2012.05.20 21:22:34 | 000,015,559 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-25.hrf [2012.05.20 21:22:34 | 000,015,154 | ---- | C] () -- C:\Users\LinNancyUwe\2011-10-31.hrf [2012.05.20 21:22:34 | 000,014,965 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-10.hrf [2012.04.29 21:46:47 | 000,577,536 | ---- | C] () -- C:\Windows\System32\ChilkatCsv.dll [2011.11.14 21:46:50 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sdl.dll [2011.09.28 20:51:47 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini [2010.02.07 23:18:59 | 000,001,356 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\d3d9caps.dat [2009.09.28 14:19:38 | 000,004,096 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\locked-keyfile3.drm.dfgq [2008.09.27 14:21:28 | 000,000,310 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\wklnhst.dat [2008.09.23 06:10:35 | 000,001,105 | ---- | C] () -- C:\Users\LinNancyUwe\Recent - Verknüpfung.lnk [2008.09.17 19:36:03 | 000,135,168 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2002.08.13 17:04:12 | 000,217,088 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\locked-MafiaSetup.exe.nvfp ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3438887808-3780490940-1782055248-1000\$d8b5e6c5668795ced4d988d967e866f1\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.20 21:37:28 | 000,000,000 | -HSD | M] -- C:\Users\LinNancyUwe\AppData\Roaming\.# [2011.07.28 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\1&1 Mail & Media GmbH [2012.05.20 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Acer GameZone Console [2012.11.06 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Alawar Stargaze [2013.02.22 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Ashampoo [2009.10.28 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Awem [2013.02.10 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Babylon [2008.09.29 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Big Fish Games [2009.03.08 21:16:02 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Buhl Data Service [2013.03.26 22:11:19 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\calibre [2013.03.12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Canneverbe Limited [2011.08.10 08:29:27 | 000,000,000 | ---D | M] -- 
C:\Users\LinNancyUwe\AppData\Roaming\DAEMON Tools Lite [2013.02.10 19:12:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Delta [2010.12.29 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\DTgrafic [2010.03.27 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\elsterformular [2012.12.17 21:26:22 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Enlightenus2SE_BFG [2012.11.06 08:01:15 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Espow [2008.09.14 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\FloodLightGames [2012.05.20 21:37:26 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\FRITZ! [2011.02.20 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\GetRightToGo [2012.05.20 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\gsak [2012.05.20 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\GTM_Bodie [2009.10.27 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\HdO Adventure [2012.10.15 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Hovut [2013.02.10 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Iminent [2013.03.03 12:07:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\IsolatedStorage [2010.12.18 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Local [2013.02.16 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Lonely Troops [2010.12.20 16:29:03 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\map&guide [2012.12.28 14:24:29 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Merscom [2011.08.12 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\My Games [2012.11.08 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Old 
Castle [2010.12.18 17:17:23 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Opera [2012.05.20 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\phonostar-Player [2012.12.30 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\PopCapv1006 [2009.10.30 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Princess Isabella [2012.05.20 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\RobinsonCrusoeCER [2013.02.10 14:47:28 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Systweak [2010.12.14 21:52:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\T-Online [2013.03.28 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TeamViewer [2008.09.27 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Template [2011.08.17 20:43:26 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TitanicMystery [2010.05.02 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TomTom [2012.05.05 16:29:31 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Txan [2011.02.12 09:23:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\uniblue [2011.09.19 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\VistaCodecs [2012.10.22 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Ydyn [2009.10.23 21:17:49 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Zylom ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C95B63DA @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data 
Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8 < End of report >