
Log analysis and evaluation: GVU Trojan 2.07 on Windows Vista


 
25.10.2012, 15:08   #1
Horstmann
 
Hello,

Unfortunately, I have also caught a GVU Trojan and would like to ask you for help. I followed the instructions on Trojaner Board and have attached the log files.

OTL Logfile:
Code:
OTL logfile created on: 23.10.2012 21:10:30 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,08% Memory free
4,23 Gb Paging File | 2,45 Gb Available in Paging File | 57,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,21 Gb Total Space | 8,59 Gb Free Space | 6,75% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,28 Gb Free Space | 62,84% Space Free | Partition Type: NTFS
Drive G: | 11,75 Gb Total Space | 1,98 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
 
Computer Name: VW | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
PRC - [2012.10.12 12:27:54 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012.10.11 22:15:43 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.23 15:16:44 | 001,193,176 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 21:04:06 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.01.12 10:51:28 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.11 22:15:52 | 002,111,456 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012.10.11 22:15:50 | 000,157,664 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.10.11 22:15:50 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.09.22 19:24:34 | 000,008,704 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Thunderbird\Profiles\hayg3c5x.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012.08.23 15:16:44 | 001,193,176 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2012.10.12 12:27:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.11 22:15:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.06 19:19:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.08.10 15:22:38 | 002,200,832 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe -- (acssrv)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.15 11:55:14 | 000,431,384 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\pcouffin.sys -- (pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arian\AppData\Local\Temp\fxldypow.sys -- (fxldypow)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:24 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.08.19 17:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.06.15 15:21:16 | 000,338,520 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2011.06.15 15:21:12 | 000,084,312 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011.06.15 15:21:10 | 000,078,656 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011.06.15 15:21:04 | 000,764,880 | ---- | M] (Agnitum Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011.03.28 19:53:12 | 000,033,880 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2011.02.02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2011.01.14 20:11:15 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2011.01.05 21:18:25 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.01.05 21:18:25 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011.01.05 21:18:07 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.01.05 21:17:56 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010.12.02 23:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.09.28 13:03:09 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07)
DRV - [2010.09.28 13:03:09 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06)
DRV - [2010.09.28 13:03:09 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02)
DRV - [2010.09.28 13:03:09 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01)
DRV - [2010.02.19 17:56:18 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.02.19 17:56:18 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009.09.02 15:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.04.23 11:42:08 | 000,564,088 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.03.17 18:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007.10.04 22:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.08 07:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.12.08 14:02:50 | 000,275,072 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDvid.sys -- (APL531)
DRV - [2006.11.20 21:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 21:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.20 21:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 16:01:42 | 000,024,192 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camfilt.sys -- (camfilt)
DRV - [2006.11.12 01:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 19:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006.08.17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.09.29 12:45:08 | 000,026,356 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\I-magic.sys -- (TACXDEV)
DRV - [2004.07.26 11:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070405
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8
IE - HKCU\..\SearchScopes,DefaultScope = {BD7AF474-87E6-4D84-91DB-6E20CABD2968}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60342
IE - HKCU\..\SearchScopes\{624F85FF-C226-4D55-BEDB-9947BC90BD07}: "URL" = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_deDE321
IE - HKCU\..\SearchScopes\{BD7AF474-87E6-4D84-91DB-6E20CABD2968}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Arian\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.26 14:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Arian\Program Files\DNA [2009.02.19 17:02:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]
 
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.05.22 11:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.14 22:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions
[2010.04.29 09:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.04 01:30:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.18 20:52:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007.09.25 23:13:09 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009.11.10 23:07:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\firefox@tvunetworks.com
[2012.09.15 18:00:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\ich@maltegoetz.de
[2011.11.24 19:57:12 | 000,079,365 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\anticontainer@downthemall.net.xpi
[2012.10.14 22:41:15 | 000,340,281 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.10.11 15:02:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.30 14:38:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.15 17:11:04 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.10.14 22:37:03 | 000,000,944 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\searchplugins\icqplugin.xml
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.10.12 16:07:15 | 000,000,000 | ---D | M] ("Yummy CONDUIT Player") -- C:\Program Files\Mozilla Firefox\extensions\YPlayer@yummy.net
[2012.10.12 16:07:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.10.12 16:07:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 16:07:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.10.12 16:07:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 16:07:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 16:07:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 16:07:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Gmail = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008.01.20 16:29:03 | 000,223,006 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 7827 more lines...
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [TomTom] C:\Users\Arian\AppData\Roaming\E80161\E80161.exe ()
O4 - HKCU..\Run: [Xileobmyw] C:\Users\Arian\AppData\Roaming\Gybaz\dulik.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
F3 - HKCU WinNT: Load - (C:\Users\Arian\LOCALS~1\Temp\mswgqqq.com) -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAF018CD-C243-4E7B-B0DC-380877BB67CA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00ED8B3-C96D-49B1-8E48-CCA13BA1D7AE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67292b95-71da-11dc-b0aa-0019b96596e7}\Shell\AutoRun\command - "" = H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{774f485d-1ef3-11de-bd00-0019b96596e7}\Shell - "" = AutoRun
O33 - MountPoints2\{774f485d-1ef3-11de-bd00-0019b96596e7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a174a8e7-10de-11dc-9ef3-0019b96596e7}\Shell\AutoRun\command - "" = .\Recycled\Driveinfo.exe
O33 - MountPoints2\{a174a8e7-10de-11dc-9ef3-0019b96596e7}\Shell\Open\Command - "" = .\Recycled\Driveinfo.exe
O33 - MountPoints2\{e7f5ca22-bfb1-11e0-966f-0019b96596e7}\Shell - "" = AutoRun
O33 - MountPoints2\{e7f5ca22-bfb1-11e0-966f-0019b96596e7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.22 19:41:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.16 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Malwarebytes
[2012.10.16 21:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 21:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 21:42:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.16 21:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.16 21:01:43 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\CrashDumps
[2012.10.16 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Rouvez
[2012.10.16 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Gybaz
[2012.10.16 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Eguc
[2012.10.15 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Ubma
[2012.10.15 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Qiyq
[2012.10.15 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Qalium
[2012.10.15 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Arian\Local Settings
[2012.10.12 16:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.12 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\Arian\Desktop\Medizinbücher
[2012.09.27 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Avira
[2012.09.27 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.27 17:51:38 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.27 17:51:38 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.27 17:51:38 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.25 22:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012.09.25 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch
[2012.09.25 22:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink DE
[2012.09.25 22:20:45 | 000,000,000 | ---D | C] -- C:\Users\Arian\Documents\Alcohol 120%
[2012.09.25 22:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2012.09.25 22:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2012.09.25 22:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2012.09.24 22:13:09 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\TechSmith
[2012.09.24 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\TechSmith
[2012.09.24 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Arian\Documents\Camtasia Studio
[2012.09.24 17:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2008.01.26 22:17:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Arian\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 21:11:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 21:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 20:51:16 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 20:51:16 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 20:42:32 | 000,302,592 | ---- | M] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.23 19:58:34 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.23 18:53:15 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2012.10.23 18:51:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 18:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.22 19:13:01 | 000,000,020 | ---- | M] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:57 | 000,050,477 | ---- | M] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.17 19:27:35 | 000,213,504 | ---- | M] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.16 20:15:19 | 000,000,047 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\msconfig.ini
[2012.10.09 22:34:56 | 000,304,389 | ---- | M] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.10.08 18:36:33 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.25 22:07:35 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2012.09.24 21:18:15 | 000,843,844 | ---- | M] () -- C:\Users\Arian\Desktop\bend_u.pdf
[2012.09.24 16:45:30 | 000,060,864 | ---- | M] () -- C:\Users\Arian\g2mdlhlpx.exe
[2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 20:42:06 | 000,302,592 | ---- | C] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.22 19:12:02 | 000,000,020 | ---- | C] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:56 | 000,050,477 | ---- | C] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.16 21:42:52 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 20:40:44 | 000,000,047 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\msconfig.ini
[2012.10.09 22:34:51 | 000,304,389 | ---- | C] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.09.25 22:07:35 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2012.09.24 21:18:12 | 000,843,844 | ---- | C] () -- C:\Users\Arian\Desktop\bend_u.pdf
[2012.09.23 10:14:33 | 000,060,864 | ---- | C] () -- C:\Users\Arian\g2mdlhlpx.exe
[2012.02.05 11:32:53 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.02.05 11:32:06 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.02.05 11:29:49 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.02.05 11:29:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.02.05 11:29:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.02.05 11:29:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.01.11 09:54:41 | 000,097,792 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\msconfig.dat
[2011.09.10 14:14:48 | 000,000,261 | ---- | C] () -- C:\ProgramData\lxdi
[2011.06.17 18:09:28 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.05.17 21:45:15 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011.04.12 20:21:56 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.04 16:45:55 | 000,019,456 | ---- | C] () -- C:\Users\Arian\AppData\Local\WebpageIcons.db
[2009.12.22 18:11:09 | 000,000,701 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\init.dll
[2009.12.22 18:11:09 | 000,000,006 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\SYSTEM32.dll
[2009.12.22 18:11:06 | 000,000,701 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\sound.dll
[2008.05.14 17:59:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.01.26 22:17:42 | 000,087,608 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\inst.exe
[2008.01.26 22:17:42 | 000,007,887 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.cat
[2008.01.26 22:17:42 | 000,001,144 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.inf
[2008.01.23 19:26:12 | 000,000,093 | ---- | C] () -- C:\Users\Arian\AppData\Local\fusioncache.dat
[2007.11.23 19:17:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.08.19 18:57:10 | 000,007,268 | ---- | C] () -- C:\Users\Arian\AppData\Local\d3d9caps.dat
[2007.05.04 20:25:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.29 13:34:35 | 000,000,040 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\.zreglib
[2007.04.29 11:27:33 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.04.27 21:41:09 | 000,022,869 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\UserTile.png
[2007.04.24 21:43:52 | 000,000,020 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\anzds
[2007.04.12 22:41:43 | 000,000,114 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\wklnhst.dat
[2007.04.12 22:29:26 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2007.04.12 20:10:43 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2007.04.12 18:01:59 | 000,213,504 | ---- | C] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2617123096-2108651821-2447131207-1000\$a0b26d9b9a24ea4ea452b72e1356577e\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.07.04 20:45:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\.pknowledge
[2011.12.20 11:25:57 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Agnitum
[2012.03.28 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Amazon
[2010.12.28 01:10:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Armagetron
[2011.12.09 10:36:04 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ASCOMP Software
[2011.12.22 11:43:46 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ashampoo
[2010.12.25 20:55:24 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Azureus
[2010.12.25 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\BitTorrent
[2012.09.18 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\BOM
[2010.08.09 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Canneverbe Limited
[2009.05.20 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ciclo
[2011.12.22 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2007.05.12 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\concept design
[2008.06.18 10:37:17 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Crossword Compiler Deutsch 8
[2011.12.25 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DAEMON Tools Lite
[2010.12.09 10:00:07 | 000,000,000 | RHSD | M] -- C:\Users\Arian\AppData\Roaming\dll
[2008.08.30 11:01:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DNA
[2011.05.04 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Downloaded Installations
[2008.05.01 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\drms
[2012.10.17 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Dropbox
[2010.04.28 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.02 17:57:31 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Dyyzy
[2009.04.11 08:28:17 | 000,000,000 | -HSD | M] -- C:\Users\Arian\AppData\Roaming\E80161
[2012.10.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Eguc
[2012.10.09 19:51:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\EndNote
[2011.08.06 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\GHISLER
[2010.06.28 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\GlarySoft
[2008.01.26 23:44:11 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\gtk-2.0
[2012.10.22 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Gybaz
[2010.02.08 10:20:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ICQ
[2007.04.12 20:06:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ICQLite
[2009.11.20 16:22:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ImgBurn
[2011.12.25 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Leadertech
[2011.10.01 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Lexmark Productivity Studio
[2007.08.10 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\LimeWire
[2011.12.14 19:04:12 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\LowRateVoip
[2011.08.28 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\mkvtoolnix
[2011.05.04 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Nitro PDF
[2007.09.20 20:05:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\PeerNetworking
[2012.10.15 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Qalium
[2012.10.15 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Qiyq
[2012.10.16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Rouvez
[2011.03.19 23:23:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Rovio
[2011.09.05 11:58:20 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\SanDisk
[2011.05.15 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Simfy
[2011.03.19 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Similarity
[2007.04.29 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\SlySoft
[2010.08.12 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Sports Interactive
[2012.10.23 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Spotify
[2010.03.11 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Tacx
[2012.09.24 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TechSmith
[2012.07.17 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Teleca
[2007.04.26 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Template
[2012.07.17 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TerraTec
[2010.03.25 10:29:40 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TheFixerUpper
[2010.06.30 10:35:02 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Thunderbird
[2007.09.14 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TomTom
[2010.08.11 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TS3Client
[2007.04.22 10:57:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TuneUp Software
[2012.10.15 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ubma
[2011.11.18 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Unity
[2008.01.26 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Vso
[2011.02.14 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Windows Live Writer
[2011.08.28 19:55:25 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\XMedia Recode
[2010.03.25 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\XWindows Dock
[2010.01.23 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\YCanPDF
[2011.12.29 12:00:17 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Zavy
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Meine Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Hercules webcam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C39E55C5

< End of report >
         
--- --- ---

Edited by Horstmann (25.10.2012 at 15:17)

 
