Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner Win XP

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 08.10.2013, 00:03   #1
puablo1
 
GVU Trojaner Win XP - Standard

GVU Trojaner Win XP



Hallo,
habe die OTL.txt und die Extras.txt fertig.
Wie poste ich diese?
Danke

Alt 08.10.2013, 00:47   #2
Arrows73
 
GVU Trojaner Win XP - Standard

GVU Trojaner Win XP



Einfach in reinkopieren (also dazwischen rein). Eventuell Benutzername etc. per CTRL+F vorher entfernen, falls du das willst.
__________________


Alt 09.10.2013, 10:57   #3
puablo1
 
GVU Trojaner Win XP - Standard

GVU Trojaner Win XP



Hallo,
hier die Auswertung OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10/8/2013 2:11:59 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.88 Gb Total Space | 210.93 Gb Free Space | 90.57% Space Free | Partition Type: NTFS
Drive E: | 3.80 Gb Total Space | 3.80 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (TGCM_ImportWiFiSvc) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(???? | ????? ???? ?????.))
DRV - (tidnet) -- C:\WINDOWS\system32\drivers\tidnet.sys (Telefónica I+D)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (s1039mdm) -- C:\WINDOWS\system32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\WINDOWS\system32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\WINDOWS\system32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\WINDOWS\system32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Si3531) -- C:\WINDOWS\system32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Hotkey) -- C:\WINDOWS\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Antje_und_Dirk_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKU\Antje_und_Dirk_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Antje_und_Dirk_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Programme\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programme\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader]  File not found
O4 - HKLM..\Run: [CtrlVol]  File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe (Wistron)
O4 - HKU\Antje_und_Dirk_ON_C..\Run: [Cyboalq]  File not found
O4 - HKU\Antje_und_Dirk_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Dokumente und Einstellungen\Antje und Dirk\Lokale Einstellungen\Temp\pretctpcuegwpomqmlg.bfg (ValveCorporation)
O4 - HKU\Antje_und_Dirk_ON_C..\Run: [Sony PC Companion] C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\Antje_und_Dirk_ON_C..\Run: [Vozew]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\Antje und Dirk\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.HAUSCH-E2D58BC7_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Antje_und_Dirk_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/12 07:11:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{25ff8443-3f58-11e1-90be-000ae4cdfc77}\Shell - "" = AutoRun
O33 - MountPoints2\{25ff8443-3f58-11e1-90be-000ae4cdfc77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25ff8443-3f58-11e1-90be-000ae4cdfc77}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{cbc9dcb0-76d2-11e2-916f-000ae4cdfc77}\Shell - "" = AutoRun
O33 - MountPoints2\{cbc9dcb0-76d2-11e2-916f-000ae4cdfc77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbc9dcb0-76d2-11e2-916f-000ae4cdfc77}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cbc9dcb2-76d2-11e2-916f-000ae4cdfc77}\Shell - "" = AutoRun
O33 - MountPoints2\{cbc9dcb2-76d2-11e2-916f-000ae4cdfc77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbc9dcb2-76d2-11e2-916f-000ae4cdfc77}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e934b470-aef9-11e0-903c-000ae4cdfc77}\Shell - "" = AutoRun
O33 - MountPoints2\{e934b470-aef9-11e0-903c-000ae4cdfc77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e934b470-aef9-11e0-903c-000ae4cdfc77}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e934b474-aef9-11e0-903c-000ae4cdfc77}\Shell - "" = AutoRun
O33 - MountPoints2\{e934b474-aef9-11e0-903c-000ae4cdfc77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e934b474-aef9-11e0-903c-000ae4cdfc77}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/07 00:05:27 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Anwendungsdaten\Microsoft
[2013/10/07 00:05:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\SendTo
[2013/10/07 00:05:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Anwendungsdaten
[2013/10/07 00:05:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Startmenü\Programme\Zubehör
[2013/10/07 00:05:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Startmenü
[2013/10/07 00:05:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Startmenü\Programme\Autostart
[2013/10/07 00:05:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Cookies
[2013/10/07 00:05:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Vorlagen
[2013/10/07 00:05:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Recent
[2013/10/07 00:05:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Netzwerkumgebung
[2013/10/07 00:05:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Lokale Einstellungen
[2013/10/07 00:05:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Druckumgebung
[2013/10/07 00:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2013/10/07 00:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Favoriten
[2013/10/07 00:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Desktop
[2013/10/07 00:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2013/09/29 09:33:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Barbie(R)
[2013/09/29 09:32:57 | 000,000,000 | ---D | C] -- C:\Programme\Mattel Media
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/07 00:09:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/07 00:07:47 | 000,013,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/07 00:07:10 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2013/10/07 00:07:03 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 07:25:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/10/04 07:23:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/04 07:21:29 | 000,163,061 | ---- | M] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\2433f433
[2013/10/04 07:21:29 | 000,163,034 | ---- | M] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/10/04 07:21:29 | 000,163,026 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/09/30 15:11:00 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/29 09:33:04 | 000,001,230 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Barbie® als Dornröschen.lnk
[2013/09/29 09:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Barbie(R)
[2013/09/27 16:30:37 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/27 16:27:09 | 000,055,141 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2013/09/19 15:23:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/19 15:23:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/19 13:41:10 | 000,001,703 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk
[2013/09/19 13:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sony
[2013/09/19 11:33:52 | 060,372,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Desktop\legetrick blume.f4v
[2013/09/13 14:30:34 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/13 14:28:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/07 00:05:27 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Startmenü\Programme\Remoteunterstützung.lnk
[2013/10/07 00:05:27 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.HAUSCH-E2D58BC7\Startmenü\Programme\Windows Media Player.lnk
[2013/10/04 07:21:29 | 000,163,061 | ---- | C] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\2433f433
[2013/10/04 07:21:29 | 000,163,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/10/04 07:21:29 | 000,163,026 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/09/29 09:33:04 | 000,001,230 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Barbie® als Dornröschen.lnk
[2013/09/27 16:25:06 | 060,372,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Desktop\legetrick blume.f4v
[2013/03/29 08:18:20 | 000,000,019 | ---- | C] () -- C:\WINDOWS\BibiKart.ini
[2013/02/23 16:51:54 | 000,001,247 | ---- | C] () -- C:\WINDOWS\disney.ini
[2013/02/16 12:27:51 | 000,000,180 | ---- | C] () -- C:\WINDOWS\BenEnglischV.ini
[2013/02/16 12:03:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\Bibi_Tina7.ini
[2012/03/02 14:53:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/13 13:42:57 | 000,024,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/12 10:12:24 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B50A6ED890.sys
[2011/03/12 10:09:48 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/03/12 09:23:16 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/03/12 08:11:14 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/03/12 07:55:38 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2011/03/12 07:55:37 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2011/03/12 07:55:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/03/12 07:55:37 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2011/03/12 07:55:15 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2011/03/12 07:52:30 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/12 07:13:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/12 07:08:15 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/12 07:04:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/12 07:03:48 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 17:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 17:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 17:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,542,186 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,493,966 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,111,152 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,084,422 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\skype.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
 
========== LOP Check ==========
 
[2011/03/12 09:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Canneverbe Limited
[2013/02/10 12:59:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Egodo
[2013/03/19 15:57:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Enap
[2012/05/28 14:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\FinalMediaPlayer
[2013/03/11 15:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Geap
[2011/06/09 15:49:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Haufe
[2011/03/12 09:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\OpenOffice.org
[2013/03/13 14:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Pafa
[2012/12/30 13:02:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\PriceGong
[2012/07/04 16:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\searchquband
[2013/06/12 15:32:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Sony
[2011/07/15 11:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Telefónica
[2013/01/16 16:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Toamum
[2011/03/12 09:43:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Windows Desktop Search
[2013/04/17 13:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Windows Search
[2013/03/19 15:57:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Antje und Dirk\Anwendungsdaten\Wuniog
[2011/03/12 09:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2013/02/16 12:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kiddinx
[2012/03/08 13:36:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2013/10/07 00:07:10 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job
[2013/10/04 07:25:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/10/04 07:23:16 | 099,176,917 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\???6
[2013/10/04 07:17:23 | 099,176,917 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\???6
< End of report >
         
--- --- ---
Und hier Extra.txtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10/8/2013 2:11:59 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.88 Gb Total Space | 210.93 Gb Free Space | 90.57% Space Free | Partition Type: NTFS
Drive E: | 3.80 Gb Total Space | 3.80 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Programme\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}" = Media Go
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}" = Media Go Video Playback Engine 1.116.105.02020
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.174
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"09DE32C4F7BD75AFC4FD14FE55D82891A5C397E0" = Windows Driver Package - Intel net  (04/30/2007 11.1.1.11)
"6455D19F3BFC2585EA48D0648505F8DA7DAC3629" = Windows Driver Package - Intel (NETw4x32) net  (04/30/2007 11.1.1.11)
"737C4F107F61FFE46CE45CCA503223FBA5BD00FC" = Windows Driver Package - Intel net  (04/30/2007 11.1.1.11)
"A52334752DB8BF051DEADD0BADDDA32C2255FDC0" = Windows Driver Package - Intel (w29n51) net  (04/04/2007 9.0.4.36)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Barbie® als Dornröschen" = Barbie® als Dornröschen
"Der Löwe ist los" = Der Löwe ist los
"Disney's Princess Fashion Boutique" = Disneys Prinzessinnen Mode Boutique
"FinalMediaPlayer_is1" = Final Media Player 2011
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.05.00.00
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"o2DE" = Mobile Connection Manager
"QuickTime" = QuickTime
"Siebenstein 1" = Siebenstein 1
"Siebenstein 2" = Siebenstein 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Unsere lustige Spielesammlung" = Unsere lustige Spielesammlung
"Update Engine" = Sony Ericsson Update Engine
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Zauberhafte Pferdewelt" = Zauberhafte Pferdewelt
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Antje_und_Dirk_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
< End of report >
         
--- --- ---

Vielen Dank
Gruß
Puablo1
__________________

Antwort

Themen zu GVU Trojaner Win XP
extras.txt, gvu trojaner, otl.txt, poste, troja, trojaner, win, win xp




Zum Thema GVU Trojaner Win XP - Hallo, habe die OTL.txt und die Extras.txt fertig. Wie poste ich diese? Danke - GVU Trojaner Win XP...
Archiv
Du betrachtest: GVU Trojaner Win XP auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.