GVU-Trojaner eingefangen

sevenup8803 · 24.02.2013, 16:15

Hallo zusammen,

ich habe auch den GVU-Virus und habe mit OTLPE gescannt.
Die Logs der Extras.txt und OTL.txt werde ich euch nun posten.

Es waere nett, wenn ihr mir sagen koenntet, wie ich den Virus wieder von meinem Rechnen bekomme, damit ich ggf. das System neu aufsetzen kann.

Vielen Dank euch schonmal im Voraus.
Wenn ihr noch Infos braucht, fragt einfach, bin jetzt dann online

Extras.txt

Zitat:

OTL Extras logfile created on: 2/24/2013 4:01:35 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 224.61 Gb Total Space | 44.04 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E983DED-9577-4B02-AA79-E55814AE9835}_is1" = Boilsoft AVI to DVD Converter 4.58
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4688657-3541-4CAC-9C56-EE964732F8A6}" = Die drei Freunde von der Reitschule
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"1ClickDownload" = LSHunterTVApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVI DivX to DVD SVCD VCD Converter_is1" = AVI DivX to DVD SVCD VCD Converter 5.2.0206
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"FlashPeak BlazeFtp_is1" = FlashPeak BlazeFtp 2.0
"FLV Player2.0 " = FLV Player
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.29.824
"Google Chrome" = Google Chrome
"Guard.Mail.ru" = Guard.ICQ
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"iLivid" = iLivid
"incredibar" = Incredibar Toolbar on IE
"Indeo® Software" = Indeo® Software
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Papier Lineal drucken 1" = Papier Lineal drucken 1
"PartyPoker" = PartyPoker
"QuickTime" = QuickTime
"RollerCoaster Tycoon Setup" = Roll
"Savings Sidekick" = Savings Sidekick
"SlimBrowser" = FlashPeak SlimBrowser
"SpecialSavings" = SpecialSavings
"Steam" = Steam
"Tierpension" = Meine Tierpension
"Trillian" = Trillian
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WNLT" = IB Updater Service

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Sven_Heizmann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

< End of report >

OTL.txt

Zitat:

OTL logfile created on: 2/24/2013 4:01:35 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 224.61 Gb Total Space | 44.04 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [Auto] -- -- (Browser Manager)
SRV - [2013/02/02 06:56:15 | 000,186,368 | ---- | M] () [Auto] -- C:\Dokumente und Einstellungen\Sven Heizmann\Lokale Einstellungen\Temp\jrscpls.exe -- (winmgmt)
SRV - [2013/01/29 07:37:26 | 001,087,792 | ---- | M] () [Auto] -- C:\WINXP\system32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/01/08 06:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/12 14:26:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/04 09:56:35 | 001,564,368 | ---- | M] () [Auto] -- C:\Programme\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012/10/04 08:06:46 | 000,188,760 | ---- | M] () [Auto] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012/09/29 12:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 12:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 17:21:01 | 000,065,024 | ---- | M] () [Auto] -- C:\WINXP\system32\nvwrstrd.exe -- (nvusmb32)
SRV - [2012/08/11 09:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/07/05 15:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/29 06:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/01/09 15:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 15:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/23 11:23:56 | 000,178,720 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/23 11:23:54 | 000,387,616 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/10/17 16:14:33 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINXP\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/09/29 12:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINXP\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/08 08:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/04/18 12:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/17 06:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/05 21:48:02 | 000,011,448 | R--- | M] () [Kernel | System] -- C:\WINXP\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/30 22:53:34 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/06/30 22:53:30 | 000,066,688 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/28 11:36:36 | 000,017,920 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/12/17 04:14:06 | 000,012,400 | R--- | M] () [Kernel | System] -- C:\WINXP\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/07/01 17:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINXP\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINXP\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/12/10 08:35:58 | 000,253,909 | R--- | M] (Philips Components BU Imaging Solutions) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\camdrv21.sys -- (camvid20)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3812_6&babsrc=HP_ss&mntrId=8899ee52000000000000002618e76ec0
IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3812_6&babsrc=HP_ss&mntrId=8899ee52000000000000002618e76ec0
IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb128?a=6PQR7PwOQy&i=26
IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 E7 88 10 9A 97 C1 01 [binary data]
IE - HKU\Sven_Heizmann_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Sven_Heizmann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Programme\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\IB Updater\Firefox [2012/11/28 15:34:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Mozilla\Firefox\Profiles/kovd80bq.default\extensions\specialsavings@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2013/01/30 07:43:16 | 000,000,000 | ---D | M]

[2012/11/28 15:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\mozilla\Firefox\Profiles\0\extensions
[2012/10/23 14:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\mozilla\Firefox\Profiles\kovd80bq.default\extensions
[2012/10/23 14:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\mozilla\Firefox\Profiles\kovd80bq.default\extensions\firefox-hotfix@mozilla.org
[2012/11/28 15:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/06/28 10:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012/10/18 09:23:32 | 000,006,522 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Programme\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Programme\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Update Checker] C:\Programme\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Programme\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\Sven_Heizmann_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Sven_Heizmann_ON_C..\Run: [Steam] C:\Programme\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator.BIE\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator.BIE.000\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Sven Heizmann\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Sven Heizmann\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sven_Heizmann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Programme\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - C:\dokume~1\alluse~1\anwend~1\browse~1\24897~1.175\{61d8b~1\browse~1.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/01/03 16:48:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/02/14 02:01:43 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/01/29 11:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven Heizmann\Desktop\katja
[5 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/14 13:41:00 | 000,000,430 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{DD808132-CFFA-4C3D-A921-183EB5E71100}.job
[2013/02/14 13:41:00 | 000,000,286 | ---- | M] () -- C:\WINXP\tasks\Browser Manager.job
[2013/02/14 13:40:54 | 000,001,324 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat
[2013/02/14 13:40:49 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\slpcsrj.pad
[2013/02/14 13:27:00 | 000,001,104 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/14 13:03:00 | 000,000,880 | ---- | M] () -- C:\WINXP\tasks\Adobe Flash Player Updater.job
[2013/02/14 12:03:17 | 000,001,100 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/14 12:03:16 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2013/02/14 06:07:24 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2013/02/04 06:35:17 | 000,003,181 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\slpcsrj.js
[2013/02/02 06:56:16 | 000,000,790 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/31 16:24:09 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013/01/29 17:10:00 | 000,265,409 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Desktop\application for an internship.pdf
[2013/01/29 17:07:19 | 001,927,655 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Desktop\FAZ-Bewerbungsknigge.pdf
[2013/01/29 07:37:26 | 001,087,792 | ---- | M] () -- C:\WINXP\System32\dmwu.exe
[2013/01/29 07:34:46 | 000,028,160 | ---- | M] () -- C:\WINXP\System32\ImHttpComm.dll
[5 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/02 06:56:16 | 000,003,181 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\slpcsrj.js
[2013/02/02 06:56:16 | 000,000,790 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/02 06:56:15 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\slpcsrj.pad
[2013/01/29 17:07:16 | 001,927,655 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Desktop\FAZ-Bewerbungsknigge.pdf
[2013/01/29 17:01:28 | 000,265,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Desktop\application for an internship.pdf
[2012/12/12 13:46:30 | 000,004,096 | ---- | C] () -- C:\WINXP\d3dx.dat
[2012/12/10 12:48:00 | 000,056,320 | ---- | C] () -- C:\WINXP\System32\iyvu9_32.dll
[2012/12/10 12:43:06 | 000,000,977 | ---- | C] () -- C:\WINXP\disney.ini
[2012/12/10 12:42:49 | 000,000,205 | ---- | C] () -- C:\WINXP\disneysy.ini
[2012/12/05 10:39:15 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
[2012/11/28 15:34:24 | 001,087,792 | ---- | C] () -- C:\WINXP\System32\dmwu.exe
[2012/11/28 15:34:24 | 000,028,160 | ---- | C] () -- C:\WINXP\System32\ImHttpComm.dll
[2012/10/17 16:18:55 | 000,031,465 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Lokale Einstellungen\Anwendungsdaten\funmoods.crx
[2012/10/17 16:08:40 | 000,000,049 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2012/10/09 07:56:42 | 000,000,271 | ---- | C] () -- C:\WINXP\wininit.ini
[2012/09/20 17:21:01 | 000,065,024 | ---- | C] () -- C:\WINXP\System32\nvwrstrd.exe
[2012/09/20 09:54:37 | 000,076,336 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\yowljuoaklghdun
[2012/09/10 17:29:09 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qygmktewysfpnvk
[2012/08/27 16:18:39 | 000,001,324 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2012/08/25 07:33:53 | 000,000,377 | ---- | C] () -- C:\WINXP\PowerReg.dat
[2012/08/25 07:33:52 | 000,045,568 | ---- | C] () -- C:\WINXP\UniFish3.exe
[2012/08/24 08:43:31 | 000,080,896 | ---- | C] () -- C:\WINXP\cadkasdeinst01.exe
[2012/08/04 03:14:46 | 000,039,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven Heizmann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 04:58:18 | 001,724,416 | ---- | C] () -- C:\WINXP\System32\nvwdmcpl.dll
[2009/07/08 04:58:18 | 001,657,376 | ---- | C] () -- C:\WINXP\System32\nwiz.exe
[2009/07/08 04:58:18 | 001,507,328 | ---- | C] () -- C:\WINXP\System32\nview.dll
[2009/07/08 04:58:18 | 001,101,824 | ---- | C] () -- C:\WINXP\System32\nvwimg.dll
[2009/07/08 04:58:18 | 000,466,944 | ---- | C] () -- C:\WINXP\System32\nvshell.dll
[2009/07/08 04:58:18 | 000,449,056 | ---- | C] () -- C:\WINXP\System32\nvappbar.exe
[2009/07/08 04:58:18 | 000,436,768 | ---- | C] () -- C:\WINXP\System32\keystone.exe
[2009/07/07 20:07:00 | 001,580,550 | ---- | C] () -- C:\WINXP\System32\nvdata.bin
[2008/04/14 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin
[2008/04/14 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat
[2008/04/14 04:00:00 | 000,411,092 | ---- | C] () -- C:\WINXP\System32\perfh007.dat
[2008/04/14 04:00:00 | 000,397,368 | ---- | C] () -- C:\WINXP\System32\perfh009.dat
[2008/04/14 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat
[2008/04/14 04:00:00 | 000,269,480 | ---- | C] () -- C:\WINXP\System32\perfi007.dat
[2008/04/14 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat
[2008/04/14 04:00:00 | 000,072,432 | ---- | C] () -- C:\WINXP\System32\perfc007.dat
[2008/04/14 04:00:00 | 000,059,648 | ---- | C] () -- C:\WINXP\System32\perfc009.dat
[2008/04/14 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin
[2008/04/14 04:00:00 | 000,034,478 | ---- | C] () -- C:\WINXP\System32\perfd007.dat
[2008/04/14 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat
[2008/04/14 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat
[2008/04/14 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat
[2008/04/14 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\Dcache.bin
[2008/04/14 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat
[2002/01/07 11:44:15 | 001,074,636 | ---- | C] () -- C:\WINXP\System32\nvdrsdb1.bin
[2002/01/07 11:44:15 | 001,074,636 | ---- | C] () -- C:\WINXP\System32\nvdrsdb0.bin
[2002/01/07 11:44:15 | 000,000,001 | ---- | C] () -- C:\WINXP\System32\nvdrssel.bin
[2002/01/07 11:44:03 | 002,807,708 | ---- | C] () -- C:\WINXP\System32\nvdata.data
[2002/01/07 11:38:06 | 000,011,448 | R--- | C] () -- C:\WINXP\System32\drivers\AsUpIO.sys
[2002/01/07 11:36:45 | 000,024,576 | R--- | C] () -- C:\WINXP\System32\AsIO.dll
[2002/01/07 11:36:45 | 000,012,400 | R--- | C] () -- C:\WINXP\System32\drivers\AsIO.sys
[2002/01/07 11:36:42 | 000,011,832 | ---- | C] () -- C:\WINXP\System32\drivers\AsInsHelp64.sys
[2002/01/07 11:36:42 | 000,010,216 | ---- | C] () -- C:\WINXP\System32\drivers\AsInsHelp32.sys
[2002/01/07 11:33:56 | 000,006,136 | R--- | C] () -- C:\WINXP\System32\drivers\nvphy.bin
[2002/01/07 11:32:26 | 000,025,815 | ---- | C] () -- C:\WINXP\Ascd_log.ini
[2002/01/07 11:32:05 | 000,005,810 | R--- | C] () -- C:\WINXP\System32\drivers\ASACPI.sys
[2002/01/07 11:32:01 | 000,001,769 | ---- | C] () -- C:\WINXP\Language_trs.ini
[2002/01/07 11:31:58 | 000,020,542 | ---- | C] () -- C:\WINXP\Ascd_tmp.ini
[2002/01/07 11:31:58 | 000,010,296 | ---- | C] () -- C:\WINXP\System32\drivers\ASUSHWIO.SYS
[2002/01/03 16:50:31 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2002/01/03 16:45:29 | 000,021,740 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2002/01/03 16:41:09 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2002/01/03 16:38:21 | 000,282,928 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/10/04 12:55:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2012/10/02 05:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Azkyam
[2012/10/15 11:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Babylon
[2012/10/01 00:09:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Biivig
[2012/10/17 16:14:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Boilsoft
[2013/02/14 02:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Byiln
[2012/10/02 09:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Byyres
[2012/10/04 13:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Dipeon
[2012/09/30 15:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Divuu
[2012/10/23 09:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Dropbox
[2012/10/01 07:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Duopy
[2012/08/26 05:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\DVDVideoSoft
[2012/08/26 05:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012/10/03 17:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Efym
[2012/10/04 17:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Evhuaw
[2012/10/03 23:12:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Exumn
[2013/02/14 02:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Fakua
[2013/02/14 02:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Fimyyn
[2012/10/01 11:26:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Fisiab
[2012/10/01 07:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Gaedu
[2013/02/14 02:11:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Gafa
[2013/02/14 02:11:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Geik
[2013/02/14 02:11:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Hautb
[2013/02/14 02:11:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Hyavve
[2012/10/06 15:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\ICQ
[2013/02/14 02:11:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Igoglu
[2013/02/14 02:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ikxyek
[2012/11/29 14:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Incredibar.com
[2012/10/01 15:26:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Iwxexy
[2012/09/30 07:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Kyna
[2012/10/03 17:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Kyzuyq
[2012/10/04 17:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Maamaf
[2012/10/02 09:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Moaxri
[2012/10/23 13:42:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\MSNInstaller
[2012/10/02 00:16:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Noont
[2013/02/14 02:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Nyet
[2012/10/03 23:12:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ofriid
[2012/08/26 05:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\OpenCandy
[2012/10/15 13:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\OpenOffice.org
[2013/02/14 02:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Oqaq
[2012/08/12 05:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Oracle
[2012/10/18 09:33:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Party
[2012/09/30 07:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Pege
[2013/02/14 02:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Piygub
[2012/10/01 00:09:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Seku
[2013/02/02 08:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\SlimBrowser
[2012/10/01 15:26:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Temyl
[2012/10/04 09:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Toiqi
[2012/08/26 05:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\TuneUp Software
[2012/09/25 11:36:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ufla
[2012/09/30 15:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Uhdo
[2012/10/04 03:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Uknyys
[2012/10/03 13:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ukwi
[2013/02/14 02:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ulax
[2012/08/06 01:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ulead Systems
[2013/02/14 02:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Unyrob
[2013/02/14 02:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Upruo
[2012/10/01 11:26:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Upxaq
[2012/09/30 11:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Uqcub
[2012/10/04 13:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Utcyf
[2013/02/14 02:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Vicyis
[2012/09/30 11:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Vuzide
[2013/02/14 02:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Waut
[2012/10/04 09:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Woikys
[2012/10/02 00:16:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Wywa
[2012/10/02 05:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Xaka
[2012/10/04 03:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Xaki
[2013/02/04 06:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Xyodn
[2013/02/14 02:11:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ydewiw
[2012/10/03 13:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven Heizmann\Anwendungsdaten\Ypakag
[2012/08/30 00:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten\TuneUp Software
[2012/10/04 09:56:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2012/10/06 15:56:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/15 11:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012/10/24 12:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BlackPencil
[2012/11/05 06:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager
[2012/08/26 05:22:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012/10/15 11:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012/10/04 09:56:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012/11/28 15:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2012/08/26 05:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012/08/06 01:21:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012/09/24 10:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vuwprugtgfscwgc
[2012/08/26 05:22:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/02/14 13:41:00 | 000,000,286 | ---- | M] () -- C:\WINXP\Tasks\Browser Manager.job
[2013/02/14 13:41:00 | 000,000,430 | -H-- | M] () -- C:\WINXP\Tasks\User_Feed_Synchronization-{DD808132-CFFA-4C3D-A921-183EB5E71100}.job

========== Purity Check ==========

< End of report >

GVU-Trojaner eingefangen

Log-Analyse und Auswertung: GVU-Trojaner eingefangen

GVU-Trojaner eingefangen

Ähnliche Themen: GVU-Trojaner eingefangen