Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.11.2012, 23:06   #1
Tito85
 
GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl! - Standard

GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!



Hab mir nen GVU Trojaner eingefangen!
Nun geht weder der abgesicherte Modus, noch funktioniert der WindowsUnlocker.
Habe mir nun gerade OTLPE besorgt und du Schritte aus den anderen Thread durchgeführt!

OTL:
Code:
ATTFilter
OTL logfile created on: 11/6/2012 9:51:47 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 24.94 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive D: | 7.43 Gb Total Space | 4.55 Gb Free Space | 61.14% Space Free | Partition Type: FAT32
Drive E: | 7.47 Gb Total Space | 1.50 Gb Free Space | 20.08% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/10/27 06:02:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 16:39:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/04 11:42:44 | 000,722,528 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 09:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/22 03:59:30 | 000,018,432 | ---- | M] () [Auto] -- C:\Users\Jenny\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/07 22:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/08 02:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/04/15 09:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/11 12:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/10/27 05:05:28 | 000,306,736 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/03/18 14:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/26 08:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (USBModem)
DRV - File not found [Kernel | On_Demand] --  -- (UsbDiag)
DRV - File not found [Kernel | On_Demand] --  -- (usbbus)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand] --  -- (lgbusenum)
DRV - File not found [Kernel | On_Demand] --  -- (LgBttPort)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/09/04 11:42:45 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/05/27 12:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 17:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 09:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 07:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 01:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 00:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 00:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/06 23:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/08/14 09:14:42 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/12 08:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FlashUsb.sys -- (FlashUSB)
DRV - [2008/12/29 17:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/09 09:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 09:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 09:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/09/22 08:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/09/03 23:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/10/26 08:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/10/16 03:35:58 | 010,376,576 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007/05/30 12:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/01/31 07:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 10:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/10 08:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_5738
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_5738
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jenny_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_5738
IE - HKU\Jenny_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Jenny_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jenny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\Jenny_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Jenny_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Jenny_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Jenny_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\Jenny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {271A3CF5-5A54-447B-A08F-BE805F0DA60A}:3.3.4.5
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.6.19.02.10
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={BA708AE4-C199-46AC-A3ED-AEBF98B58839}&mid=902ca0966561230000148316690605e4-a4bbd411b4220f8d158217d3b9c9962cc77ac3fb&lang=de&ds=AVG&pr=fr&d=2011-12-13 13:04:07&v=12.2.5.32&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\System32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jenny\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/12/18 09:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/09/17 13:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 11:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 06:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 06:02:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 06:02:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 06:02:46 | 000,000,000 | ---D | M]
 
[2009/07/23 09:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Extensions
[2012/10/24 14:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\extensions
[2010/04/27 13:52:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/06 05:41:17 | 000,000,000 | ---D | M] (DDBAC Plug-In) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2012/05/04 13:37:08 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2010/10/27 15:42:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\extensions\firefox@tvunetworks.com
[2012/05/13 15:33:59 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\extensions\toolbar@stumbleupon.com
[2010/10/27 15:49:17 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\extensions\vshare@toolbar
[2012/11/04 15:02:26 | 000,001,056 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\searchplugins\icqplugin.xml
[2009/11/05 15:31:57 | 000,003,915 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\v7ymtcva.default\searchplugins\sweetim.xml
[2012/10/27 06:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 06:02:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- 
[2012/09/04 11:42:55 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
() (No name found) -- C:\USERS\JENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7YMTCVA.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012/10/27 06:02:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 14:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/22 23:34:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/04 11:42:56 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/08 15:14:27 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/10/07 08:09:39 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2009/10/07 08:09:40 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2009/10/07 08:09:40 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2012/06/22 23:34:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/22 23:34:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/10/07 08:09:40 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2009/10/07 08:09:40 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2009/10/07 08:09:40 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2009/10/07 08:09:40 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2009/10/07 08:09:40 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2012/06/22 23:34:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/22 23:34:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009/10/07 08:09:40 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Jenny\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} -  File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O3 - HKU\Jenny_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Jenny_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\Jenny_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [iWareV3]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Jenny_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\postgres_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\postgres_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\postgres_ON_C..\RunOnce: [ScrSav]  File not found
O4 - HKU\postgres_ON_C..\RunOnce: [spchecker] C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe ()
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{244db87b-779f-11de-b9a4-001f16961542}\Shell - "" = AutoRun
O33 - MountPoints2\{244db87b-779f-11de-b9a4-001f16961542}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{9666333e-97db-11df-9fb6-001f16961542}\Shell\AutoRun\command - "" = E:\installer.exe
O33 - MountPoints2\{9666333e-97db-11df-9fb6-001f16961542}\Shell\verb\command - "" = E:\installer.exe
O33 - MountPoints2\{e72fa858-88dc-11de-9332-001f16961542}\Shell - "" = AutoRun
O33 - MountPoints2\{e72fa858-88dc-11de-9332-001f16961542}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/06 13:56:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/10/27 06:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/09 12:22:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 12:22:34 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 12:22:34 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/08 15:08:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\vidhaar
[2010/08/25 12:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/07/23 13:54:08 | 000,155,648 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2009/07/23 13:54:08 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009/07/23 13:54:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2009/07/23 13:54:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2009/05/19 05:10:14 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/06 15:30:43 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/06 15:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/06 15:27:29 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012/11/06 15:26:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 15:26:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 15:26:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/06 14:46:25 | 000,671,196 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/06 14:46:25 | 000,631,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/06 14:46:25 | 000,144,332 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/06 14:46:25 | 000,118,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/06 14:28:24 | 000,007,052 | ---- | M] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2012/11/06 13:56:58 | 000,000,760 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/06 13:56:56 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/11/06 12:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/06 12:06:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/06 07:11:44 | 099,501,326 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/11/04 16:20:52 | 000,275,965 | ---- | M] () -- C:\Users\Jenny\Desktop\CIMG3178.JPG
[2012/11/04 16:02:39 | 000,185,856 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/30 16:25:15 | 000,033,449 | ---- | M] () -- C:\Users\Jenny\Desktop\46546_300336726738544_2097091329_n.jpg
[2012/10/28 11:23:44 | 000,334,268 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/10/28 10:07:13 | 000,038,298 | ---- | M] () -- C:\Users\Jenny\Desktop\224585_290273631078187_1216868661_n.jpg
[2012/10/27 09:08:34 | 000,076,502 | ---- | M] () -- C:\Users\Jenny\Desktop\unserbaby.jpg
[2012/10/24 15:12:47 | 000,208,047 | ---- | M] () -- C:\Users\Jenny\Desktop\lippis.jpg
[2012/10/24 15:11:00 | 000,032,269 | ---- | M] () -- C:\Users\Jenny\Desktop\icheut.jpg
[2012/10/21 03:33:49 | 000,024,798 | ---- | M] () -- C:\Users\Jenny\Desktop\haarprof.jpg
[2012/10/21 03:32:05 | 000,029,488 | ---- | M] () -- C:\Users\Jenny\Desktop\haare.jpg
[2012/10/21 03:25:41 | 000,012,006 | ---- | M] () -- C:\Users\Jenny\Desktop\ichsch.jpg
[2012/10/21 03:22:02 | 000,063,814 | ---- | M] () -- C:\Users\Jenny\Desktop\naddiundich.jpg
[2012/10/12 14:47:33 | 000,032,482 | ---- | M] () -- C:\Users\Jenny\Desktop\part.jpg
[2012/10/12 14:46:52 | 000,010,139 | ---- | M] () -- C:\Users\Jenny\Desktop\partamu.jpg
[2012/10/11 10:10:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/10 12:44:58 | 000,019,052 | ---- | M] () -- C:\Users\Jenny\Desktop\desktop.jpg
[2012/10/10 05:24:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/10/09 07:12:26 | 000,480,650 | ---- | M] () -- C:\Users\Jenny\Desktop\2012-10-09 11.35.47.jpg
[2012/10/08 16:39:13 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/08 16:39:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/08 14:59:15 | 000,023,704 | ---- | M] () -- C:\Users\Jenny\Desktop\haarneu.jpg
[2012/10/08 14:58:50 | 000,041,309 | ---- | M] () -- C:\Users\Jenny\Desktop\neuhaar.jpg
 
========== Files Created - No Company Name ==========
 
[2012/11/06 15:30:43 | 3146,604,544 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/06 13:56:58 | 000,000,760 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/06 13:56:56 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012/11/04 16:19:11 | 000,275,965 | ---- | C] () -- C:\Users\Jenny\Desktop\CIMG3178.JPG
[2012/10/30 16:25:12 | 000,033,449 | ---- | C] () -- C:\Users\Jenny\Desktop\46546_300336726738544_2097091329_n.jpg
[2012/10/27 09:08:34 | 000,076,502 | ---- | C] () -- C:\Users\Jenny\Desktop\unserbaby.jpg
[2012/10/24 15:12:25 | 000,208,047 | ---- | C] () -- C:\Users\Jenny\Desktop\lippis.jpg
[2012/10/24 15:09:51 | 000,032,269 | ---- | C] () -- C:\Users\Jenny\Desktop\icheut.jpg
[2012/10/21 03:32:56 | 000,024,798 | ---- | C] () -- C:\Users\Jenny\Desktop\haarprof.jpg
[2012/10/21 03:25:40 | 000,012,006 | ---- | C] () -- C:\Users\Jenny\Desktop\ichsch.jpg
[2012/10/21 03:18:53 | 000,063,814 | ---- | C] () -- C:\Users\Jenny\Desktop\naddiundich.jpg
[2012/10/12 14:46:52 | 000,010,139 | ---- | C] () -- C:\Users\Jenny\Desktop\partamu.jpg
[2012/10/12 14:46:29 | 000,032,482 | ---- | C] () -- C:\Users\Jenny\Desktop\part.jpg
[2012/10/10 12:44:58 | 000,019,052 | ---- | C] () -- C:\Users\Jenny\Desktop\desktop.jpg
[2012/10/09 07:11:53 | 000,480,650 | ---- | C] () -- C:\Users\Jenny\Desktop\2012-10-09 11.35.47.jpg
[2012/10/08 15:02:43 | 000,029,488 | ---- | C] () -- C:\Users\Jenny\Desktop\haare.jpg
[2012/10/08 14:58:08 | 000,023,704 | ---- | C] () -- C:\Users\Jenny\Desktop\haarneu.jpg
[2012/10/08 14:57:54 | 000,041,309 | ---- | C] () -- C:\Users\Jenny\Desktop\neuhaar.jpg
[2012/05/23 16:38:02 | 000,005,804 | ---- | C] () -- C:\Users\Jenny\AppData\Local\recently-used.xbel
[2012/05/15 11:10:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/05/15 11:10:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/05/15 11:10:56 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/05/15 11:10:53 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/02/20 10:31:22 | 003,213,824 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2010/11/11 12:07:06 | 000,000,036 | ---- | C] () -- C:\Windows\IPokerscope.ini
[2010/08/25 13:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 13:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 13:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 12:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 12:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 12:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/03/26 06:19:57 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010/01/07 14:46:30 | 000,386,101 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\mdbu.bin
[2009/12/14 16:01:54 | 000,000,552 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d8caps.dat
[2009/10/20 16:24:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 16:24:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 13:21:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2009/10/08 13:21:02 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/10/08 12:41:52 | 000,007,052 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2009/09/16 07:10:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/11 13:13:37 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2009/08/11 13:13:37 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009/07/23 13:54:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2009/07/23 13:54:09 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2009/07/23 13:54:09 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2009/07/23 13:54:08 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009/07/23 09:30:18 | 000,185,856 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 05:03:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009/05/19 05:03:52 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/19 05:03:51 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/05/18 20:30:21 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/05/18 20:21:20 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009/05/18 20:21:20 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/05/18 20:21:20 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/03/12 05:47:51 | 000,671,196 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/03/12 05:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/03/12 05:47:51 | 000,144,332 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/03/12 05:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/03/12 05:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/11 21:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/11 15:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 15:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 15:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/10/26 08:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/01/25 18:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007/01/25 18:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,337,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,631,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,512 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009/03/11 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer GameZone Console
[2009/08/14 09:54:46 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Atari
[2010/11/25 07:54:51 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\AVG10
[2012/05/13 14:00:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\avidemux
[2011/07/17 13:53:48 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Broken Sword 2.5
[2009/08/14 09:48:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DAEMON Tools Lite
[2011/02/20 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DataDesign
[2011/03/26 04:15:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DiskAid
[2010/08/19 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\EA
[2009/07/23 09:40:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\eSobi
[2010/06/21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Facebook
[2010/09/11 14:47:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Friday's games
[2011/07/28 06:29:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\HEM Data
[2011/10/29 06:29:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\HoldemManager
[2012/08/17 06:03:17 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ICQ
[2012/05/23 15:34:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IrfanView
[2010/08/23 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\iWin
[2009/08/14 09:52:14 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Leadertech
[2010/07/19 13:22:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LG Electronics
[2010/07/19 13:20:32 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LGSync
[2010/04/14 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\McLoad
[2012/07/28 05:38:37 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PacificPoker
[2009/07/25 06:30:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2011/09/28 01:46:36 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\postgresql
[2011/09/19 06:38:48 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PVProfit
[2009/08/26 06:20:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\QIP
[2011/02/10 06:06:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Roaming
[2011/07/27 14:07:52 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\temp
[2010/05/28 06:07:01 | 000,000,000 | ---D | M] -- C:\ProgramData\AirportMania
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012/09/04 11:42:55 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Secure Search
[2011/06/05 16:14:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Security Toolbar
[2010/11/25 07:54:38 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG10
[2011/04/16 12:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Boss Media
[2010/11/25 07:54:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009/08/14 09:43:08 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/07/23 16:12:32 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2009/05/18 20:29:15 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/10/11 12:41:12 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/10/08 14:01:57 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2010/01/07 14:44:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Lidl_Fotos
[2011/06/01 13:06:12 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2009/07/23 14:54:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2009/07/23 16:11:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2012/05/13 15:28:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2012/05/13 15:36:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle VideoSpin
[2009/07/25 06:30:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2012/09/22 14:19:22 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1995-09.com.example
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/09/12 13:32:30 | 000,000,000 | ---D | M] -- C:\ProgramData\TechSmith
[2011/07/20 14:04:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/04/05 14:26:25 | 000,000,000 | ---D | M] -- C:\ProgramData\XHEO INC
[2010/12/19 10:28:14 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/06 15:28:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/11/25 07:47:18 | 000,000,000 | -H-D | M] -- C:\$AVG
[2009/07/23 16:12:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009/07/23 16:11:37 | 000,000,000 | ---D | M] -- C:\Acer
[2009/05/19 05:10:17 | 000,000,000 | ---D | M] -- C:\Book
[2010/10/23 14:43:48 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009/07/23 16:13:03 | 000,000,000 | ---D | M] -- C:\Elements
[2011/10/29 06:29:18 | 000,000,000 | ---D | M] -- C:\HM2Archive
[2012/05/18 10:37:12 | 000,000,000 | ---D | M] -- C:\HMArchive
[2009/02/11 15:12:45 | 000,000,000 | ---D | M] -- C:\Intel
[2009/10/08 13:22:18 | 000,000,000 | ---D | M] -- C:\KM900
[2009/03/11 22:11:16 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/23 10:43:44 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData
[2008/01/20 21:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/07/30 08:09:25 | 000,000,000 | ---D | M] -- C:\Poker
[2012/11/06 15:27:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/11/06 13:56:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/07/23 16:10:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2009/08/24 13:16:12 | 000,000,000 | ---D | M] -- C:\Sounds
[2012/11/06 11:28:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/08/11 13:30:12 | 000,000,000 | ---D | M] -- C:\Temp
[2010/03/26 05:58:53 | 000,000,000 | R--D | M] -- C:\Users
[2012/11/06 14:11:43 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/05/19 05:06:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/05/19 05:06:45 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/05/19 05:06:45 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/05/19 05:06:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/02/12 11:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009/02/12 11:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009/02/12 11:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009/02/12 11:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009/02/12 11:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/20 21:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/20 21:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/20 21:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll
[2012/08/25 06:44:11 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2012/08/25 06:44:12 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iertutil.dll
[2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 64 bytes -> C:\Users\Jenny\Desktop\Volkume_-_Lets_have_a_Party_www.rappers.in.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Jenny\Desktop\FILE0028.MOV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Jenny\Desktop\CrepZ_-_Spacy_www.rappers.in.mp3:TOC.WMV
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9
< End of report >
         
Kann mir jemand helfen?

Vielen Dank und beste Grüße

Alt 07.11.2012, 04:54   #2
t'john
/// Helfer-Team
 
GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl! - Standard

GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!





Fixen mit OTLpe


  • Starte den unbootbaren Computer erneut mit der OTLPE-CD,
  • warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.



  • Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
  • Sollte das mangels Internet-Verbindung nicht möglich sein,
  • kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
  • Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
  • Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:


Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () 
O4 - HKLM..\Run: [iWareV3] File not found 
O4 - HKU\postgres_ON_C..\RunOnce: [ScrSav] File not found 
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) 
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found 
[2012/11/06 13:56:58 | 000,000,760 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 
@Alternate Data Stream - 64 bytes -> C:\Users\Jenny\Desktop\Volkume_-_Lets_have_a_Party_www.rappers.in.mp3:TOC.WMV 
@Alternate Data Stream - 64 bytes -> C:\Users\Jenny\Desktop\FILE0028.MOV:TOC.WMV 
@Alternate Data Stream - 64 bytes -> C:\Users\Jenny\Desktop\CrepZ_-_Spacy_www.rappers.in.mp3:TOC.WMV 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DCAF903C 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9 
[2012/11/06 15:27:29 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad 
[2012/11/06 13:56:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe 
 
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Jenny\*.tmp
C:\Users\Jenny\AppData\Local\{*}
C:\Users\Jenny\AppData\Local\Temp\*.exe
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         

  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.
__________________

__________________

Alt 07.11.2012, 10:18   #3
Tito85
 
GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl! - Standard

GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!



Es hat geklappt! Vielen Dank!!

Code:
ATTFilter
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FixCamera deleted successfully.
C:\Windows\FixCamera.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iWareV3 deleted successfully.
Registry value HKEY_USERS\postgres_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully.
C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\lsass.exe moved successfully.
C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk moved successfully.
File C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\Users\Jenny\Desktop\Volkume_-_Lets_have_a_Party_www.rappers.in.mp3:TOC.WMV deleted successfully.
ADS C:\Users\Jenny\Desktop\FILE0028.MOV:TOC.WMV deleted successfully.
ADS C:\Users\Jenny\Desktop\CrepZ_-_Spacy_www.rappers.in.mp3:TOC.WMV deleted successfully.
ADS C:\ProgramData\Temp:E1982A23 deleted successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
ADS C:\ProgramData\Temp:3B3A35EC deleted successfully.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:ADE16379 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:35759C73 deleted successfully.
ADS C:\ProgramData\Temp:DCAF903C deleted successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:8750DCE4 deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
C:\ProgramData\0tbpw.pad moved successfully.
File C:\ProgramData\lsass.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Jenny\*.tmp not found.
File\Folder C:\Users\Jenny\AppData\Local\{*} not found.
C:\Users\Jenny\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\DelayInst.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\DivXSetup.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\FlashPlayerUpdate01.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\FlashPlayerUpdate02.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\GoogleUpdate.exed157e3 moved successfully.
C:\Users\Jenny\AppData\Local\Temp\GoogleUpdate.exe5b059d moved successfully.
C:\Users\Jenny\AppData\Local\Temp\installservice.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\instmsi.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\instmsiw.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\msgCB9A.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\setup.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\VP6Install.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\vpnclient_setup.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\war3_Install.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\wlsetup-cvr.exe moved successfully.
C:\Users\Jenny\AppData\Local\Temp\ytb.exe moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-15045b4f-n folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-3bf29ac8-n folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-704cabf4-n folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-68d100da-n folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-50014e02-n folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jenny
->Temp folder emptied: 2002 bytes
->Temporary Internet Files folder emptied: 56675047 bytes
->FireFox cache emptied: 780681799 bytes
->Google Chrome cache emptied: 97519523 bytes
->Flash cache emptied: 15879120 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 370562726 bytes
 
Total Files Cleaned = 1,260.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 11072012_105526
         
__________________

Alt 08.11.2012, 08:16   #4
t'john
/// Helfer-Team
 
GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl! - Standard

GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 23.02.2013, 15:15   #5
t'john
/// Helfer-Team
 
GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl! - Standard

GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!
autorun, avg, avg secure search, avg security toolbar, bho, cid, defender, desktop, error, firefox, format, google, helper, home, logfile, mozilla, mywinlocker, popup, port, realtek, registry, rundll, scan, secure search, security, software, trojaner, vista, vtoolbarupdater, windows



Ähnliche Themen: GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!


  1. GVU Trojaner Windows 7 64bit, abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 05.07.2014 (8)
  2. Windows XP - GVU-Trojaner abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (15)
  3. Windows 7 / Sperrbildschirm / Abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 17.03.2014 (5)
  4. Windows Vista: GVU-Trojaner + abgesicherter Modus funktioniert nicht
    Log-Analyse und Auswertung - 15.03.2014 (5)
  5. GVU Trojaner - Windows XP - Abgesicherter Modus funktioniert nicht :(
    Plagegeister aller Art und deren Bekämpfung - 11.11.2013 (5)
  6. GVU Trojaner (abgesicherter modus funktioniert nicht)
    Log-Analyse und Auswertung - 23.10.2013 (10)
  7. GVU Trojaner Abgesicherter Modus funktioniert nicht mehr! Windows XP
    Plagegeister aller Art und deren Bekämpfung - 02.10.2013 (8)
  8. Windows 7 64Bit Version, GVU Trojahner und weißer Bildschirm, booten im abgesicherten Modus schlägt fehl
    Plagegeister aller Art und deren Bekämpfung - 24.09.2013 (15)
  9. Windows Vista wei-er Bildschirm und abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (17)
  10. GVU Trojaner Windows Vista business- Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 22.07.2013 (5)
  11. GVU Virus Windows 7 64bit abgesicherter modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (17)
  12. Windows Vista Update schlägt fehl, teilweise kein Internet...
    Log-Analyse und Auswertung - 06.07.2013 (3)
  13. GVU Trojaner (Abgesicherter Modus funktioniert nicht)
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (2)
  14. Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (4)
  15. GVU Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht
    Plagegeister aller Art und deren Bekämpfung - 30.01.2013 (1)
  16. Abgesicherter Modus funktioniert nicht / Windows XP 32
    Alles rund um Windows - 17.08.2012 (1)
  17. Windows 7 Pro gesperrt - 100 Euro- abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (17)

Zum Thema GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl! - Hab mir nen GVU Trojaner eingefangen! Nun geht weder der abgesicherte Modus, noch funktioniert der WindowsUnlocker. Habe mir nun gerade OTLPE besorgt und du Schritte aus den anderen Thread durchgeführt! - GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl!...
Archiv
Du betrachtest: GVU Trojaner Windows Vista - abgesicherter Modus funktioniert nicht! Winunlocker schlägt fehl! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.