
Pests of all kinds and how to fight them: GVU Trojan, Windows7

29.05.2013, 13:38   #1
Hulkster
 
Hello everyone!

Yesterday my brother brought me his laptop, which runs Windows 7 and has the GVU Trojan on it, so that I could remove it, since some time ago I was able to remove the Bundespolizei Trojan from my own machine with the help of a few posts from this forum. With this Trojan, however, I am reaching my personal limits.

I have already tried to start the laptop in safe mode (F8), but it automatically restarts right away and I end up at the Trojan's white screen again -.-

Then I tried burning OTLPE-Network to a CD and booting from it, but after "Starting Reatogo-X-PE" a Windows XP start screen appears, followed by a bluescreen:

"Technical Information:

*** STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)"


Thank you for any support in getting rid of this problem.


o/
Hulkster

29.05.2013, 13:39   #2
markusg
/// Malware-holic
 
Hi
go into the BIOS (this should work via the Del key at PC startup), check there whether IDE or AHCI mode is selected, set it to the opposite one in each case, and try again from the CD

29.05.2013, 13:42   #3
Hulkster
 
You mean under Advanced -> SATA Mode?

29.05.2013, 13:43   #4
markusg
/// Malware-holic
 
Exactly, it just differs between the individual versions, which is why there is no exact description

29.05.2013, 13:55   #5
Hulkster
 
Now it has booted, but when I select the drive (I tried all of them ^^) the following message appears:

"RunScanner Error

Target is not windows 2000 or later"




29.05.2013, 13:56   #6
markusg
/// Malware-holic
 
Hi, expand the drives, select the folder Wind or Windows, click on it, then it works

29.05.2013, 14:46   #7
Hulkster
 
Attached is the Extras.txt file; the OTL.txt is unfortunately too large to attach (The file you are trying to attach is too large. The maximum file size for this file type is 97.7 KB. Your file is 117.9 KB.)

I'll paste the contents here in CODE, I hope that's OK.

Code:
OTL logfile created on: 5/29/2013 8:33:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 100.00 Mb Total Space | 75.40 Mb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive D: | 987.72 Mb Total Space | 374.13 Mb Free Space | 37.88% Space Free | Partition Type: FAT
Drive F: | 565.07 Gb Total Space | 513.31 Gb Free Space | 90.84% Space Free | Partition Type: NTFS
Drive G: | 30.00 Gb Total Space | 9.23 Gb Free Space | 30.76% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/29 07:12:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 04:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto] -- F:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 04:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/12 07:24:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/12 07:24:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/11/03 10:24:56 | 000,018,432 | ---- | M] () [Auto] -- F:\Users\Medion\AppData\LocalLow\AdobeAir\IE\AdobeAirUpdater.exe -- (AdobeAirUpdater)
SRV - [2011/10/27 05:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand] -- F:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/08/17 06:04:36 | 000,247,872 | ---- | M] () [Auto] -- F:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011/04/01 06:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- F:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 06:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/07/27 02:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/10 15:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/10 15:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/11/07 06:46:52 | 000,020,480 | ---- | M] (X10) [Auto] -- F:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009/10/22 20:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand] -- F:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 06:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- F:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/04/03 03:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2013/04/03 03:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2013/02/05 04:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012/05/12 07:24:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/12 07:24:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 11:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/17 05:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/08/17 05:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/08/17 04:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 04:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 04:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 04:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/26 10:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/26 10:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2010/06/21 03:14:36 | 000,246,272 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/06/17 10:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/24 09:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/05/10 15:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2010/04/27 03:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 03:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/01 05:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/04 11:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/26 17:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2009/11/19 09:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2009/11/19 09:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2009/11/19 09:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009/11/19 09:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2009/11/19 09:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2009/11/19 09:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009/11/19 09:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009/08/13 02:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/13 15:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 15:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2008/08/26 05:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\Medion_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKU\Medion_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKU\Medion_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Medion_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Medion_ON_F\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Medion_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_F\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Medion_ON_F\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Medion_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Medion_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\UpdatusUser_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\System32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: F:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: F:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/12/03 14:18:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/20 05:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/03 14:18:11 | 000,000,000 | ---D | M]
 
[2012/12/23 17:54:00 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2012/12/23 17:54:00 | 000,000,000 | ---D | M] (Default) -- F:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/29 04:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 05:19:31 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/29 05:19:31 | 000,002,465 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 05:19:31 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/29 05:19:31 | 000,003,581 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/11/29 05:19:32 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/11/29 05:19:31 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/29 05:19:31 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (QuickShare WidgetEngine) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - F:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AdobeAir) - {DCA971EE-CB86-4592-AE52-A45B2E257A12} - F:\Users\Medion\AppData\LocalLow\AdobeAir\IE\AdobeAir.dll (Adobe Systems Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - F:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (QuickShare Widget) - {ae07101b-46d4-4a98-af68-0333ea26e113} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O3 - HKU\Medion_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] F:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] F:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [HotKeysCmds] F:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] F:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] F:\Users\Medion\Desktop\*****\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LMgrOSD]  File not found
O4 - HKLM..\Run: [LMgrVolOSD] F:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] F:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Persistence] F:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVBg] F:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Wbutton] F:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Medion_ON_F..\Run: [] F:\Users\Medion\Desktop\*****\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\Medion_ON_F..\Run: [KiesAirMessage] F:\Users\Medion\Desktop\*****\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\Medion_ON_F..\Run: [KiesPreload] F:\Users\Medion\Desktop\*****\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\Medion_ON_F..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [Screensaver] F:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Medion_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Medion_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Medion_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - F:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - F:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - F:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - F:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - F:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - F:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - F:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - F:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - F:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - F:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - F:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - F:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - F:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Medion_ON_F Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Medion_ON_F Winlogon: Shell - (C:\Users\Medion\AppData\Roaming\skype.dat) - F:\Users\Medion\AppData\Roaming\skype.dat ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - F:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - F:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - F:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - F:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - F:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - F:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - F:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - F:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - F:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/26 16:17:27 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/26 16:17:27 | 002,706,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2013/05/26 16:17:27 | 000,745,472 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/26 16:17:27 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/26 16:17:27 | 000,523,264 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\vbscript.dll
[2013/05/26 16:17:27 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/26 16:17:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/26 16:17:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\elshyph.dll
[2013/05/26 16:17:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msrating.dll
[2013/05/26 16:17:27 | 000,158,720 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msls31.dll
[2013/05/26 16:17:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iexpress.exe
[2013/05/26 16:17:27 | 000,138,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wextract.exe
[2013/05/26 16:17:27 | 000,137,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2013/05/26 16:17:27 | 000,117,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iepeers.dll
[2013/05/26 16:17:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\IEAdvpack.dll
[2013/05/26 16:17:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/26 16:17:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inseng.dll
[2013/05/26 16:17:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\SetIEInstalledDate.exe
[2013/05/26 16:17:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/26 16:17:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\pngfilt.dll
[2013/05/26 16:17:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmler.dll
[2013/05/26 16:17:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeedsbs.dll
[2013/05/26 16:17:27 | 000,039,424 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2013/05/26 16:17:27 | 000,038,400 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\imgutil.dll
[2013/05/26 16:17:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeedssync.exe
[2013/05/26 16:17:26 | 001,441,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2013/05/26 16:17:26 | 001,400,416 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dat
[2013/05/26 16:17:26 | 000,719,360 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmlmedia.dll
[2013/05/26 16:17:26 | 000,629,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dll
[2013/05/26 16:17:26 | 000,361,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\html.iec
[2013/05/26 16:17:26 | 000,357,888 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dxtmsft.dll
[2013/05/26 16:17:26 | 000,242,200 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iedkcs32.dll
[2013/05/26 16:17:26 | 000,232,960 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2013/05/26 16:17:26 | 000,226,816 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dxtrans.dll
[2013/05/26 16:17:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/26 16:17:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/26 16:17:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/26 16:17:26 | 000,023,040 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\licmgr10.dll
[2013/05/26 16:16:43 | 003,419,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d2d1.dll
[2013/05/26 16:16:43 | 002,284,544 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msmpeg2vdec.dll
[2013/05/26 16:16:43 | 001,988,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10warp.dll
[2013/05/26 16:16:43 | 001,504,768 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d11.dll
[2013/05/26 16:16:43 | 001,247,744 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2013/05/26 16:16:43 | 001,158,144 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\XpsPrint.dll
[2013/05/26 16:16:43 | 001,080,832 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10.dll
[2013/05/26 16:16:43 | 000,604,160 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10level9.dll
[2013/05/26 16:16:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WMPhoto.dll
[2013/05/26 16:16:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\XpsGdiConverter.dll
[2013/05/26 16:16:43 | 000,249,856 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1core.dll
[2013/05/26 16:16:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10core.dll
[2013/05/26 16:16:43 | 000,207,872 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WindowsCodecsExt.dll
[2013/05/26 16:16:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1.dll
[2013/05/26 16:16:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/26 16:16:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/26 16:16:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/26 16:16:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/26 16:16:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/26 16:16:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dxgi.dll
[2013/05/26 16:16:42 | 000,187,392 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\UIAnimation.dll
[2013/05/14 14:49:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wwanprotdim.dll
[2013/05/14 14:49:32 | 002,347,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32k.sys
[2013/05/14 14:49:24 | 000,218,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\dxgmms1.sys
[2013/05/14 14:49:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\authui.dll
[2013/05/14 14:49:21 | 000,101,720 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\consent.exe
[2013/04/30 15:58:21 | 000,000,000 | ---D | C] -- F:\Users\Public\Documents\CrashDump
[2012/01/10 15:14:34 | 000,004,096 | ---- | C] ( ) -- F:\Windows\System32\IGFXDEVLib.dll
[1 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/29 10:35:24 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/05/29 10:35:13 | 000,000,004 | ---- | M] () -- F:\Users\Medion\AppData\Roaming\skype.ini
[2013/05/29 10:34:57 | 000,009,888 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 10:34:57 | 000,009,888 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 10:31:47 | 000,654,400 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/05/29 10:31:47 | 000,616,242 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/05/29 10:31:47 | 000,130,240 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/05/29 10:31:47 | 000,106,622 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/05/29 10:27:24 | 2558,595,072 | -HS- | M] () -- F:\hiberfil.sys
[2013/05/29 09:13:33 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/29 07:12:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerApp.exe
[2013/05/29 07:12:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/26 16:17:27 | 002,877,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/26 16:17:27 | 002,706,432 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2013/05/26 16:17:27 | 000,745,472 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/26 16:17:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/26 16:17:27 | 000,523,264 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\vbscript.dll
[2013/05/26 16:17:27 | 000,493,056 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/26 16:17:27 | 000,391,168 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/26 16:17:27 | 000,185,344 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\elshyph.dll
[2013/05/26 16:17:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msrating.dll
[2013/05/26 16:17:27 | 000,158,720 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msls31.dll
[2013/05/26 16:17:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iexpress.exe
[2013/05/26 16:17:27 | 000,138,752 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\wextract.exe
[2013/05/26 16:17:27 | 000,137,216 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2013/05/26 16:17:27 | 000,117,248 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iepeers.dll
[2013/05/26 16:17:27 | 000,110,592 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\IEAdvpack.dll
[2013/05/26 16:17:27 | 000,109,056 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/26 16:17:27 | 000,082,432 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\inseng.dll
[2013/05/26 16:17:27 | 000,073,728 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\SetIEInstalledDate.exe
[2013/05/26 16:17:27 | 000,071,680 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/26 16:17:27 | 000,057,344 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\pngfilt.dll
[2013/05/26 16:17:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmler.dll
[2013/05/26 16:17:27 | 000,041,984 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msfeedsbs.dll
[2013/05/26 16:17:27 | 000,039,424 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2013/05/26 16:17:27 | 000,038,400 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\imgutil.dll
[2013/05/26 16:17:27 | 000,011,776 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msfeedssync.exe
[2013/05/26 16:17:26 | 001,441,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2013/05/26 16:17:26 | 001,400,416 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dat
[2013/05/26 16:17:26 | 000,719,360 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmlmedia.dll
[2013/05/26 16:17:26 | 000,629,248 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dll
[2013/05/26 16:17:26 | 000,361,984 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\html.iec
[2013/05/26 16:17:26 | 000,357,888 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dxtmsft.dll
[2013/05/26 16:17:26 | 000,242,200 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iedkcs32.dll
[2013/05/26 16:17:26 | 000,232,960 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2013/05/26 16:17:26 | 000,226,816 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dxtrans.dll
[2013/05/26 16:17:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/26 16:17:26 | 000,042,496 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/26 16:17:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/26 16:17:26 | 000,025,185 | ---- | M] () -- F:\Windows\System32\ieuinit.inf
[2013/05/26 16:17:26 | 000,023,040 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\licmgr10.dll
[2013/05/26 16:16:43 | 003,419,136 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d2d1.dll
[2013/05/26 16:16:43 | 002,284,544 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msmpeg2vdec.dll
[2013/05/26 16:16:43 | 001,988,096 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d3d10warp.dll
[2013/05/26 16:16:43 | 001,504,768 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d3d11.dll
[2013/05/26 16:16:43 | 001,247,744 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2013/05/26 16:16:43 | 001,158,144 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\XpsPrint.dll
[2013/05/26 16:16:43 | 001,080,832 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d3d10.dll
[2013/05/26 16:16:43 | 000,604,160 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d3d10level9.dll
[2013/05/26 16:16:43 | 000,417,792 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\WMPhoto.dll
[2013/05/26 16:16:43 | 000,364,544 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\XpsGdiConverter.dll
[2013/05/26 16:16:43 | 000,293,376 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dxgi.dll
[2013/05/26 16:16:43 | 000,249,856 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1core.dll
[2013/05/26 16:16:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d3d10core.dll
[2013/05/26 16:16:43 | 000,207,872 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\WindowsCodecsExt.dll
[2013/05/26 16:16:43 | 000,161,792 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1.dll
[2013/05/26 16:16:43 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/26 16:16:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/26 16:16:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/26 16:16:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/26 16:16:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/26 16:16:43 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- F:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/26 16:16:42 | 000,187,392 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\UIAnimation.dll
[2013/05/26 16:04:05 | 000,430,872 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MpSigStub.exe
[2013/04/30 15:20:27 | 000,001,111 | ---- | M] () -- F:\Users\Medion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[1 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/26 16:17:26 | 000,025,185 | ---- | C] () -- F:\Windows\System32\ieuinit.inf
[2013/05/26 15:51:27 | 000,000,004 | ---- | C] () -- F:\Users\Medion\AppData\Roaming\skype.ini
[2013/02/16 17:19:48 | 000,110,592 | ---- | C] () -- F:\Windows\System32\FsUsbExDevice.Dll
[2013/02/16 17:19:48 | 000,037,344 | ---- | C] () -- F:\Windows\System32\FsUsbExDisk.Sys
[2012/12/18 05:06:10 | 000,030,568 | ---- | C] () -- F:\Windows\MusiccityDownload.exe
[2012/12/18 05:06:06 | 000,974,848 | ---- | C] () -- F:\Windows\System32\cis-2.4.dll
[2012/12/18 05:06:06 | 000,081,920 | ---- | C] () -- F:\Windows\System32\issacapi_bs-2.3.dll
[2012/12/18 05:06:06 | 000,065,536 | ---- | C] () -- F:\Windows\System32\issacapi_pe-2.3.dll
[2012/12/18 05:06:06 | 000,057,344 | ---- | C] () -- F:\Windows\System32\issacapi_se-2.3.dll
[2012/09/06 15:34:35 | 000,000,400 | ---- | C] () -- F:\Windows\ODBC.INI
[2012/08/05 13:36:38 | 000,000,530 | ---- | C] () -- F:\Windows\eReg.dat
[2012/01/12 13:52:10 | 000,058,880 | ---- | C] () -- F:\Users\Medion\AppData\Roaming\skype.dat
[2012/01/10 15:29:54 | 013,904,384 | ---- | C] () -- F:\Windows\System32\ig4icd32.dll
[2011/11/12 15:57:25 | 000,252,928 | ---- | C] () -- F:\Windows\System32\DShowRdpFilter.dll
[2011/08/31 14:46:18 | 000,128,204 | ---- | C] () -- F:\Windows\System32\igcompkrng575.bin
[2011/08/31 14:46:12 | 000,105,608 | ---- | C] () -- F:\Windows\System32\igfcg575m.bin
[2011/08/31 14:46:10 | 000,867,020 | ---- | C] () -- F:\Windows\System32\igkrng575.bin
[2011/08/31 14:13:52 | 000,094,208 | ---- | C] () -- F:\Windows\System32\IccLibDll.dll
[2010/08/13 18:50:46 | 000,127,184 | ---- | C] () -- F:\Windows\Unwise.exe
[2010/08/13 18:50:45 | 000,149,504 | ---- | C] () -- F:\Windows\unwise32_setup.exe
[2010/08/09 09:26:45 | 000,451,072 | ---- | C] () -- F:\Windows\System32\ISSRemoveSP.exe
[2010/08/09 08:23:48 | 000,072,017 | ---- | C] () -- F:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/08/09 00:37:38 | 000,000,151 | ---- | C] () -- F:\Windows\System32\GfxUI.exe.config
[2010/07/27 02:56:50 | 000,408,168 | ---- | C] () -- F:\Windows\System32\easyUpdatusAPIU.dll
[2010/07/27 02:56:50 | 000,352,325 | ---- | C] () -- F:\Windows\System32\nvcoproc.bin
[2010/05/12 09:13:56 | 000,654,400 | ---- | C] () -- F:\Windows\System32\perfh007.dat
[2010/05/12 09:13:56 | 000,295,922 | ---- | C] () -- F:\Windows\System32\perfi007.dat
[2010/05/12 09:13:56 | 000,130,240 | ---- | C] () -- F:\Windows\System32\perfc007.dat
[2010/05/12 09:13:56 | 000,038,104 | ---- | C] () -- F:\Windows\System32\perfd007.dat
[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- F:\Windows\System32\xvidcore.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,430,872 | ---- | C] () -- F:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- F:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- F:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- F:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- F:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- F:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- F:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\System32\mlang.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- F:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2012/01/10 06:31:35 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2013/04/15 17:11:25 | 000,000,000 | ---D | M] -- F:\ProgramData\IBUpdaterService
[2011/11/09 13:20:21 | 000,000,000 | ---D | M] -- F:\ProgramData\ICQ
[2011/12/03 14:18:07 | 000,000,000 | ---D | M] -- F:\ProgramData\Nokia
[2011/12/03 14:16:45 | 000,000,000 | ---D | M] -- F:\ProgramData\NokiaInstallerCache
[2011/12/03 14:18:54 | 000,000,000 | ---D | M] -- F:\ProgramData\PC Suite
[2012/04/01 16:17:55 | 000,000,000 | ---D | M] -- F:\ProgramData\PopCap Games
[2012/04/01 16:10:06 | 000,000,000 | ---D | M] -- F:\ProgramData\PopCapY
[2013/04/21 15:42:08 | 000,000,000 | ---D | M] -- F:\ProgramData\Samsung
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/08/14 14:03:19 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/08/13 18:51:56 | 000,000,000 | ---D | M] -- F:\ProgramData\X10 Settings
[2013/03/31 12:54:04 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

29.05.2013, 16:06   #8
markusg
/// Malware-holic
 

Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
O20 - HKU\Medion_ON_F Winlogon: Shell - (C:\Users\Medion\AppData\Roaming\skype.dat) - F:\Users\Medion\AppData\Roaming\skype.dat ()
[2013/05/29 10:35:13 | 000,000,004 | ---- | M] () -- F:\Users\Medion\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should appear, so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.


falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
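
The first line of the fix in post #8 targets a per-user Winlogon Shell value that points at a file under AppData\Roaming. As an added example (not part of the thread and not OTL's own code), this Python script parses O20 lines of that layout and flags suspicious Shell/UserInit entries; the function name audit_winlogon, the line layout inferred from the one O20 line on this page, and the two benign sample lines are assumptions.

```python
import re
from ntpath import basename  # Windows path rules, works on any host OS

# Assumed layout, inferred from the O20 line in the fix above:
# O20 - <hive> Winlogon: <value> - (<configured data>) - <resolved path> (<publisher>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - "
    r"\((?P<data>.*?)\) - (?P<path>.*?) \((?P<publisher>[^()]*)\)\s*$"
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
# Windows defaults: Shell = explorer.exe, Userinit = userinit.exe
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

def audit_winlogon(log_text):
    """Return (line, reasons) for every O20 Shell/UserInit entry that looks wrong."""
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m or m["value"].lower() not in EXPECTED:
            continue
        value, reasons = m["value"].lower(), []
        # Userinit data is a comma-separated list; Shell is normally one entry.
        for target in (t.strip() for t in m["data"].split(",") if t.strip()):
            if basename(target).lower() not in EXPECTED[value]:
                reasons.append(f"unexpected target {target}")
            if any(d in target.lower() for d in USER_WRITABLE):
                reasons.append("target in user-writable directory")
        if value == "shell" and m["hive"].upper().startswith(("HKU", "HKCU")):
            reasons.append("per-user Shell override")
        if not m["publisher"].strip():
            reasons.append("no publisher in file metadata")
        if reasons:
            findings.append((line.strip(), reasons))
    return findings

# First line is the entry from the fix above; the other two are constructed.
SAMPLE = r"""
O20 - HKU\Medion_ON_F Winlogon: Shell - (C:\Users\Medion\AppData\Roaming\skype.dat) - F:\Users\Medion\AppData\Roaming\skype.dat ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - F:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for line, reasons in audit_winlogon(SAMPLE):
        print(line, "->", "; ".join(reasons))
```

Only the skype.dat entry is reported; a file named explorer.exe sitting under AppData would still be flagged by the directory check.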

29.05.2013, 17:59   #9
Hulkster

Hello again,

yes, the upload worked without problems.

However, when entering/applying the fix, the affected PC apparently couldn't cope and repeatedly failed to recognize and display the USB stick, until I had had enough and typed it in by hand (and thereby also changed the drive letter F to E). That way I also got to know the US keyboard a bit better.

In the end, though, I think it worked, and after switching the BIOS back to the previous mode the PC boots normally. Now a backup of the most important data can be made, and presumably the PC should be reinstalled?!

Am I seeing this correctly, or have I overlooked/forgotten something? Oh, and of course big PRAISE and THANKS to the whole board, and today to markusg

29.05.2013, 18:53   #10
markusg
/// Malware-holic

Hi,
whether you want to reinstall is of course up to you; we can keep checking the PC or reinstall, whichever you prefer.
