Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner Windows Vista

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.05.2013, 21:36   #1
Liese77
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Schönen guten Abend,

ich habe mir offensichtlich den GVU-Trojaner eingefangen. Eine Systemwiederherstellung über einen Wiederherstellungspunkt funktioniert nicht.

Habe mir im abgesicherten Modus OTL.exe runtergeladen und durchlaufen lassen.
Die zwei kreierten Log-Files hänge ich hier mal mit dran.

Was muss ich nun tun? Kann mir jemand helfen?

Vielen Dank im Voraus!

Die Liese.

OTL logfile created on: 16.05.2013 21:51:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LinNancyUwe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,52% Memory free
2,39 Gb Paging File | 1,96 Gb Available in Paging File | 81,75% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,77 Gb Total Space | 0,23 Gb Free Space | 0,34% Space Free | Partition Type: NTFS
Drive D: | 68,56 Gb Total Space | 56,62 Gb Free Space | 82,59% Space Free | Partition Type: NTFS

Computer Name: LINNANCYUWE-PC | User Name: LinNancyUwe | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LinNancyUwe\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV - (Winmgmt) -- C:\Users\LINNAN~1\AppData\Local\Temp\MVbCn7d.exe File not found
SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (SProtection) -- C:\Programme\Common Files\Umbrella\umbrella.exe (Iminent)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TelevisionFanaticService) -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (aawservice) -- C:\Programme\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = about:blank
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119528&babsrc=SP_ss&mntrId=90510165000000000000001fe1a5795e
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{52BF31C9-3282-4A5C-A778-28443656EA0F}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{7E3E102D-8AA1-41B1-AC7C-727676868C44}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{81CE708B-5104-4C62-B333-94B417473B29}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{CF6AF45C-94AA-4FD5-9893-63A0F7BC7BC8}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8D5gul0x&i=26
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{E9F4F12C-21E9-477E-9EC7-6A1CBD2D4FA8}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.mywebsearch.com/index.jhtml?ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw"
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&ind=2013050121&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw&searchfor="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\LinNancyUwe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.14 20:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.18 10:51:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.18 10:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.11 05:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.11 05:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin [2013.04.30 21:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.21 22:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.14 20:44:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.10 19:13:23 | 000,000,000 | ---D | M]

[2010.05.02 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Extensions
[2010.05.02 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.01 21:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Firefox\Profiles\czto7yrt.default\extensions
[2013.04.30 21:42:40 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com
[2013.03.17 17:56:03 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.03.17 17:37:30 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.04.30 21:48:30 | 000,009,631 | ---- | M] () -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\searchplugins\my-web-search.xml
[2013.03.17 14:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.21 22:05:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File not found
O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Programme\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Programme\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [905101ca] rundll32.exe "C:\Users\LINNAN~1\AppData\Local\Temp\jlxdxwja.dll",b File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [cmds] rundll32.exe C:\Users\LINNAN~1\AppData\Local\Temp\pmnmjJYr.dll,c File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [ctfmon.exe] C:\ProgramData\rlofoa.dat (Microsoft Corporation)
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [EWABQAF7KL] C:\Users\LinNancyUwe\AppData\Local\Temp\Bbu.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [Hyycu] C:\Users\LinNancyUwe\AppData\Roaming\Ydyn\xuuq.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [MSServer] rundll32.exe C:\Users\LINNAN~1\AppData\Local\Temp\xxyYOiIB.dll,#1 File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [UBC5AB1IDP] C:\Users\LINNAN~1\AppData\Local\Temp\Bbz.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SPUpdSentinel] C:\Program Files\Common Files\Umbrella\umbrella_bkp.exe (Iminent)
O4 - Startup: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45741D7D-8C6C-48E5-9E37-D729D5B459CC}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC2C1E82-C41A-4C02-A68C-D91BF5A0EBB3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6178BEA-00B2-4DA0-8444-52FBB445F204}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f0c5a6c-f259-11df-ad3c-001eec502328}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0c5a6c-f259-11df-ad3c-001eec502328}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Vertriebsportal.exe
O33 - MountPoints2\{f2f7b056-7f95-11dd-a024-8cf8afea5608}\Shell - "" = AutoRun
O33 - MountPoints2\{f2f7b056-7f95-11dd-a024-8cf8afea5608}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.15 04:26:19 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rlofoa.dat
[2013.05.15 04:26:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.15 01:07:49 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.13 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dtp
[2013.05.09 20:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.09 20:43:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.09 20:43:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.09 20:43:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.02 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[2013.04.30 21:48:31 | 000,000,000 | ---D | C] -- C:\Users\LinNancyUwe\AppData\Local\TelevisionFanatic
[2013.04.30 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanatic
[2 C:\Users\LinNancyUwe\Documents\*.tmp files -> C:\Users\LinNancyUwe\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.16 21:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 21:10:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\aofolr.pad
[2013.05.16 20:49:50 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 20:49:50 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2013.05.16 20:49:46 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2013.05.16 20:49:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 20:49:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 18:20:04 | 000,344,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:48:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.15 16:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 04:52:15 | 000,002,634 | ---- | M] () -- C:\ProgramData\aofolr.js
[2013.05.15 04:26:19 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rlofoa.dat
[2013.05.15 04:26:19 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.15 01:08:01 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 01:08:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.15 01:07:50 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.11 20:52:39 | 000,135,168 | ---- | M] () -- C:\Users\LinNancyUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.08 07:13:22 | 000,019,074 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-08.hrf
[2013.05.03 21:38:35 | 000,018,275 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-03.hrf
[2013.05.02 22:03:18 | 000,000,663 | ---- | M] () -- C:\Users\LinNancyUwe\Desktop\FTDownloader.lnk
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.05.01 12:33:29 | 000,018,919 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-01.hrf
[2013.04.26 18:17:37 | 000,018,701 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-26.hrf
[2013.04.24 18:04:50 | 000,018,878 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-24.hrf
[2013.04.19 21:43:38 | 000,018,709 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-19.hrf
[2 C:\Users\LinNancyUwe\Documents\*.tmp files -> C:\Users\LinNancyUwe\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.15 04:52:03 | 000,002,634 | ---- | C] () -- C:\ProgramData\aofolr.js
[2013.05.15 04:26:28 | 095,023,320 | ---- | C] () -- C:\ProgramData\aofolr.pad
[2013.05.08 07:13:22 | 000,019,074 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-08.hrf
[2013.05.03 21:38:35 | 000,018,275 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-03.hrf
[2013.05.02 22:03:18 | 000,000,663 | ---- | C] () -- C:\Users\LinNancyUwe\Desktop\FTDownloader.lnk
[2013.05.01 12:33:29 | 000,018,919 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-01.hrf
[2013.04.26 18:17:37 | 000,018,701 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-26.hrf
[2013.04.24 18:04:50 | 000,018,878 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-24.hrf
[2013.04.19 21:43:38 | 000,018,709 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-19.hrf
[2013.04.16 17:24:06 | 000,018,709 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-16.hrf
[2013.04.13 09:25:36 | 000,018,684 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-13.hrf
[2013.04.09 19:06:53 | 000,018,688 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-09.hrf
[2013.04.05 19:00:17 | 000,018,865 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-05.hrf
[2013.04.02 17:59:43 | 000,018,867 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-02.hrf
[2013.03.29 08:52:06 | 000,018,690 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-29.hrf
[2013.03.26 17:46:05 | 000,018,688 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-26.hrf
[2013.03.24 13:50:56 | 000,018,687 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-24.hrf
[2013.03.23 11:27:59 | 000,018,867 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-23.hrf
[2013.03.20 05:28:29 | 000,018,652 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-20.hrf
[2013.03.15 22:18:48 | 000,018,136 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-15.hrf
[2013.03.12 18:33:44 | 000,018,132 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-12.hrf
[2013.03.11 05:28:18 | 001,008,496 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.03.11 05:28:18 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013.03.09 10:32:48 | 000,018,125 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-09.hrf
[2013.03.05 21:23:05 | 000,018,313 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-05.hrf
[2013.03.01 19:35:46 | 000,018,309 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-01.hrf
[2013.02.26 21:14:29 | 000,018,135 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-26.hrf
[2013.02.22 19:53:13 | 000,018,146 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-22.hrf
[2013.02.19 19:40:10 | 000,018,148 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-19.hrf
[2013.02.14 20:55:34 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013.02.07 05:39:25 | 000,948,708 | ---- | C] () -- C:\ProgramData\d7nCbVM.pad
[2012.09.29 10:58:27 | 000,178,710 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
[2012.09.29 10:58:27 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2012.05.20 21:36:19 | 000,000,000 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\MafiaSetup.exe
[2012.05.20 21:23:54 | 000,002,140 | ---- | C] () -- C:\Users\LinNancyUwe\steuernancy.elfo
[2012.05.20 21:22:35 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-05-04.hrf
[2012.05.20 21:22:35 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-24.hrf
[2012.05.20 21:22:35 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-27.hrf
[2012.05.20 21:22:35 | 000,015,608 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-09.hrf
[2012.05.20 21:22:35 | 000,015,604 | ---- | C] () -- C:\Users\LinNancyUwe\2012-05-02.hrf
[2012.05.20 21:22:35 | 000,015,600 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-02.hrf
[2012.05.20 21:22:35 | 000,015,598 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-13.hrf
[2012.05.20 21:22:35 | 000,015,597 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-17.hrf
[2012.05.20 21:22:35 | 000,015,596 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-26.hrf
[2012.05.20 21:22:35 | 000,015,581 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-23.hrf
[2012.05.20 21:22:35 | 000,000,020 | ---- | C] () -- C:\Users\LinNancyUwe\ho.dir
[2012.05.20 21:22:34 | 000,016,094 | ---- | C] () -- C:\Users\LinNancyUwe\2011-11-30.hrf
[2012.05.20 21:22:34 | 000,016,091 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-02.hrf
[2012.05.20 21:22:34 | 000,016,025 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-13.hrf
[2012.05.20 21:22:34 | 000,015,627 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-16.hrf
[2012.05.20 21:22:34 | 000,015,622 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-30.hrf
[2012.05.20 21:22:34 | 000,015,622 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-27.hrf
[2012.05.20 21:22:34 | 000,015,621 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-06.hrf
[2012.05.20 21:22:34 | 000,015,619 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-23.hrf
[2012.05.20 21:22:34 | 000,015,618 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-20.hrf
[2012.05.20 21:22:34 | 000,015,615 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-10.hrf
[2012.05.20 21:22:34 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-10.hrf
[2012.05.20 21:22:34 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-13.hrf
[2012.05.20 21:22:34 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-12.hrf
[2012.05.20 21:22:34 | 000,015,608 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-17.hrf
[2012.05.20 21:22:34 | 000,015,604 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-03.hrf
[2012.05.20 21:22:34 | 000,015,602 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-31.hrf
[2012.05.20 21:22:34 | 000,015,600 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-03.hrf
[2012.05.20 21:22:34 | 000,015,599 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-27.hrf
[2012.05.20 21:22:34 | 000,015,595 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-20.hrf
[2012.05.20 21:22:34 | 000,015,593 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-06.hrf
[2012.05.20 21:22:34 | 000,015,590 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-07.hrf
[2012.05.20 21:22:34 | 000,015,590 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-23.hrf
[2012.05.20 21:22:34 | 000,015,581 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-05.hrf
[2012.05.20 21:22:34 | 000,015,580 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-16.hrf
[2012.05.20 21:22:34 | 000,015,578 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-19.hrf
[2012.05.20 21:22:34 | 000,015,578 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-12.hrf
[2012.05.20 21:22:34 | 000,015,573 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-20.hrf
[2012.05.20 21:22:34 | 000,015,572 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-02.hrf
[2012.05.20 21:22:34 | 000,015,571 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-09.hrf
[2012.05.20 21:22:34 | 000,015,571 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-28.hrf
[2012.05.20 21:22:34 | 000,015,559 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-25.hrf
[2012.05.20 21:22:34 | 000,015,154 | ---- | C] () -- C:\Users\LinNancyUwe\2011-10-31.hrf
[2012.05.20 21:22:34 | 000,014,965 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-10.hrf
[2012.04.29 21:46:47 | 000,577,536 | ---- | C] () -- C:\Windows\System32\ChilkatCsv.dll
[2011.11.14 21:46:50 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sdl.dll
[2011.09.28 20:51:47 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.02.07 23:18:59 | 000,001,356 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\d3d9caps.dat
[2009.09.28 14:19:38 | 000,004,096 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\locked-keyfile3.drm.dfgq
[2008.09.27 14:21:28 | 000,000,310 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\wklnhst.dat
[2008.09.23 06:10:35 | 000,001,105 | ---- | C] () -- C:\Users\LinNancyUwe\Recent - Verknüpfung.lnk
[2008.09.17 19:36:03 | 000,135,168 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002.08.13 17:04:12 | 000,217,088 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\locked-MafiaSetup.exe.nvfp

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3438887808-3780490940-1782055248-1000\$d8b5e6c5668795ced4d988d967e866f1\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.05.20 21:37:28 | 000,000,000 | -HSD | M] -- C:\Users\LinNancyUwe\AppData\Roaming\.#
[2011.07.28 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\1&1 Mail & Media GmbH
[2012.05.20 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Acer GameZone Console
[2012.11.06 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Alawar Stargaze
[2013.02.22 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Ashampoo
[2009.10.28 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Awem
[2013.02.10 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Babylon
[2008.09.29 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Big Fish Games
[2009.03.08 21:16:02 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Buhl Data Service
[2013.03.26 22:11:19 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\calibre
[2013.03.12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Canneverbe Limited
[2011.08.10 08:29:27 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\DAEMON Tools Lite
[2013.02.10 19:12:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Delta
[2010.12.29 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\DTgrafic
[2010.03.27 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\elsterformular
[2012.12.17 21:26:22 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Enlightenus2SE_BFG
[2012.11.06 08:01:15 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Espow
[2008.09.14 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\FloodLightGames
[2012.05.20 21:37:26 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\FRITZ!
[2011.02.20 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\GetRightToGo
[2012.05.20 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\gsak
[2012.05.20 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\GTM_Bodie
[2009.10.27 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\HdO Adventure
[2012.10.15 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Hovut
[2013.02.10 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Iminent
[2013.03.03 12:07:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\IsolatedStorage
[2010.12.18 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Local
[2013.02.16 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Lonely Troops
[2010.12.20 16:29:03 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\map&guide
[2012.12.28 14:24:29 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Merscom
[2011.08.12 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\My Games
[2012.11.08 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Old Castle
[2010.12.18 17:17:23 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Opera
[2012.05.20 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\phonostar-Player
[2012.12.30 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\PopCapv1006
[2009.10.30 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Princess Isabella
[2012.05.20 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\RobinsonCrusoeCER
[2013.02.10 14:47:28 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Systweak
[2010.12.14 21:52:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\T-Online
[2013.03.28 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TeamViewer
[2008.09.27 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Template
[2011.08.17 20:43:26 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TitanicMystery
[2010.05.02 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TomTom
[2012.05.05 16:29:31 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Txan
[2011.02.12 09:23:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\uniblue
[2011.09.19 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\VistaCodecs
[2012.10.22 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Ydyn
[2009.10.23 21:17:49 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >
Angehängte Dateien
Dateityp: txt Extras.Txt (40,2 KB, 128x aufgerufen)

Alt 16.05.2013, 22:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Hallo und

Funktioniert dieser abgesicherte Modus uneingeschärnkt, d.h. auch mit Internetverbindung?

Zitat:
ShellExec_RunDLL G:\Vertriebsportal.exe
Hm, was ist denn das? Kennst du das Programm Vertriebsportal.exe?
__________________

__________________

Alt 17.05.2013, 03:44   #3
Liese77
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Guten Morgen,

Danke für die schnelle Antwort.

Im abgesicherten Modus funktioniert alles einwandfrei. Da gibt keinerlei Probleme.

Die Liese.
__________________

Alt 17.05.2013, 10:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Bitte die andere Frage auch beantworten, danke
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.05.2013, 16:23   #5
Liese77
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Hallo,

Vertriebsportal sagt mir überhaupt nix.

Beste Grüße

Die Liese


Alt 17.05.2013, 18:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> GVU Trojaner Windows Vista

Alt 17.05.2013, 20:02   #7
Liese77
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Hallo,
im Anhang findest Du die Log.txt.

Die Liese.
Angehängte Dateien
Dateityp: txt log.txt (36,2 KB, 141x aufgerufen)

Alt 17.05.2013, 20:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.05.2013, 21:09   #9
Liese77
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Code:
ATTFilter
ComboFix 13-05-16.02 - LinNancyUwe 17.05.2013  20:18:43.1.2 - x86 NETWORK
ausgeführt von:: c:\users\LinNancyUwe\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\PCHealthCenter
c:\program files\Registry Defender Platinum
c:\program files\Registry Defender Platinum\backup\20.09.2008.reg
c:\program files\Registry Defender Platinum\Customer Support.url
c:\program files\Registry Defender Platinum\INSTALL.LOG
c:\program files\Registry Defender Platinum\install.sss
c:\program files\Registry Defender Platinum\mscomctl.ocx
c:\program files\Registry Defender Platinum\RegistryDefender.exe.manifest
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-1.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-10.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-11.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-12.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-13.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-14.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-15.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-16.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-17.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-18.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-19.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-2.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-20.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-21.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-22.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-23.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-24.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-25.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-26.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-27.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-28.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-29.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-3.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-30.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-31.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-32.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-33.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-34.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-35.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-36.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-37.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-38.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-39.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-4.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-40.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-41.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-42.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-43.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-44.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-45.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-46.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-47.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-48.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-49.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-5.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-50.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-6.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-7.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-8.jpg
c:\program files\Registry Defender Platinum\repair-bar\scanner-repair-9.jpg
c:\program files\Registry Defender Platinum\report.csv
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-0.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-1.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-10.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-100.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-11.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-12.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-13.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-14.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-15.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-16.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-17.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-18.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-19.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-2.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-20.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-21.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-22.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-23.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-24.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-25.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-26.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-27.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-28.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-29.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-3.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-30.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-31.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-32.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-33.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-34.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-35.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-36.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-37.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-38.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-39.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-4.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-40.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-41.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-42.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-43.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-44.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-45.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-46.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-47.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-48.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-49.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-5.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-50.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-51.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-52.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-53.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-54.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-55.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-56.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-57.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-58.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-59.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-6.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-60.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-61.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-62.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-63.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-64.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-65.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-66.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-67.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-68.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-69.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-7.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-70.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-71.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-72.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-73.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-74.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-75.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-76.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-77.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-78.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-79.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-8.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-80.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-81.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-82.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-83.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-84.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-85.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-86.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-87.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-88.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-89.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-9.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-90.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-91.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-92.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-93.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-94.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-95.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-96.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-97.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-98.jpg
c:\program files\Registry Defender Platinum\scan-bar-100\scanner100-99.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-0.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-1.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-10.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-11.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-12.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-13.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-14.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-15.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-16.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-17.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-18.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-19.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-2.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-20.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-21.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-22.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-23.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-24.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-25.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-26.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-27.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-28.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-29.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-3.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-30.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-31.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-32.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-33.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-34.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-35.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-36.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-37.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-38.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-39.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-4.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-40.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-41.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-42.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-43.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-44.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-45.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-46.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-47.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-48.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-49.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-5.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-50.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-51.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-52.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-53.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-54.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-55.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-56.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-57.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-58.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-59.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-6.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-60.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-61.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-62.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-63.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-64.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-65.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-7.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-8.jpg
c:\program files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-9.jpg
c:\program files\Registry Defender Platinum\Uninstall.exe
c:\program files\Registry Defender Platinum\User Guide.url
c:\program files\TelevisionFanatic
c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll
c:\program files\TelevisionFanatic\bar\1.bin\64barsvc.exe
c:\program files\TelevisionFanatic\bar\1.bin\64datact.dll
c:\program files\TelevisionFanatic\bar\1.bin\64dyn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64feedmg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64highin.exe
c:\program files\TelevisionFanatic\bar\1.bin\64hkstub.dll
c:\program files\TelevisionFanatic\bar\1.bin\64htmlmu.dll
c:\program files\TelevisionFanatic\bar\1.bin\64httpct.dll
c:\program files\TelevisionFanatic\bar\1.bin\64idle.dll
c:\program files\TelevisionFanatic\bar\1.bin\64impipe.exe
c:\program files\TelevisionFanatic\bar\1.bin\64medint.exe
c:\program files\TelevisionFanatic\bar\1.bin\64mlbtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64msg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64Plugin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64radio.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regfft.dll
c:\program files\TelevisionFanatic\bar\1.bin\64reghk.dll
c:\program files\TelevisionFanatic\bar\1.bin\64script.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64sknlcr.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skplay.exe
c:\program files\TelevisionFanatic\bar\1.bin\64SrchMn.exe
c:\program files\TelevisionFanatic\bar\1.bin\64tpinst.dll
c:\program files\TelevisionFanatic\bar\1.bin\64uabtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
c:\program files\TelevisionFanatic\bar\1.bin\AppIntegratorStub64.dll
c:\program files\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS
c:\program files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar
c:\program files\TelevisionFanatic\bar\1.bin\CREXT.DLL
c:\program files\TelevisionFanatic\bar\1.bin\CrExtP64.exe
c:\program files\TelevisionFanatic\bar\1.bin\Hpg64.dll
c:\program files\TelevisionFanatic\bar\1.bin\INSTALL.RDF
c:\program files\TelevisionFanatic\bar\1.bin\installKeys.js
c:\program files\TelevisionFanatic\bar\1.bin\LOGO.BMP
c:\program files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
c:\program files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8HTML.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8RES.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL
c:\program files\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programdata\aofolr.pad
c:\programdata\d7nCbVM.pad
c:\programdata\Microsoft\Windows\Start Menu\Programs\Registry Defender Platinum
c:\programdata\Microsoft\Windows\Start Menu\Programs\Registry Defender Platinum\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Registry Defender Platinum\User Guide.lnk
c:\programdata\rlofoa.dat
c:\programdata\rundll32.exe
c:\users\LinNancyUwe\AppData\Roaming\.#
c:\users\LinNancyUwe\AppData\Roaming\.#\locked-MBX@16B4@1A72990.###.kcpf
c:\users\LinNancyUwe\AppData\Roaming\.#\locked-MBX@16B4@1A729C0.###.snrb
c:\users\LinNancyUwe\AppData\Roaming\.#\locked-MBX@16B4@1A729F0.###.jxod
c:\users\LinNancyUwe\AppData\Roaming\.#\MBX@16B4@1A72990.###
c:\users\LinNancyUwe\AppData\Roaming\.#\MBX@16B4@1A729C0.###
c:\users\LinNancyUwe\AppData\Roaming\.#\MBX@16B4@1A729F0.###
c:\users\LinNancyUwe\AppData\Roaming\Local
c:\users\LinNancyUwe\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\LinNancyUwe\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registry Defender Platinum
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com\bootstrap.js
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome.manifest
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome\64ffxtbr.jar
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com\install.rdf
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\manifest.mf
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.rsa
c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.sf
c:\users\LinNancyUwe\Documents\~WRL0150.tmp
c:\users\LinNancyUwe\Documents\~WRL1730.tmp
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TelevisionFanaticService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-17 bis 2013-05-17  ))))))))))))))))))))))))))))))
.
.
2013-05-15 02:52 . 2013-05-15 02:52	2634	----a-w-	c:\programdata\aofolr.js
2013-05-14 23:57 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD57A4C9-A4EA-413B-89DC-9DBD05568AFD}\mpengine.dll
2013-05-14 23:07 . 2013-05-14 23:07	17613192	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2013-05-09 18:48 . 2013-05-09 18:48	--------	d-----w-	c:\program files\Common Files\Java
2013-05-09 18:43 . 2013-04-04 03:35	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-04-30 19:48 . 2013-05-12 17:26	--------	d-----w-	c:\users\LinNancyUwe\AppData\Local\TelevisionFanatic
2013-04-21 20:05 . 2013-04-21 20:05	26520	----a-w-	c:\program files\Mozilla Firefox\plugin-hang-ui.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 23:08 . 2012-04-09 11:33	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-14 23:08 . 2011-05-20 03:09	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2009-10-02 23:12	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-03-17 15:52 . 2013-03-17 15:54	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-17 15:52 . 2010-05-13 08:19	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-10 10:55	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 10:55	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 10:55	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 10:55	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 10:52	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 10:52	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-03-05 01:40 . 2013-04-10 10:52	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-03-03 19:07 . 2013-04-10 10:55	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-02-22 03:46 . 2013-04-11 01:11	1800704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-11 01:11	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-11 01:11	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-11 01:11	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-11 01:12	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-11 01:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-04-21 20:05 . 2013-03-17 12:58	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38	154216	----a-w-	c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-05-09 09:49	176936	----a-w-	c:\program files\MyAshampoo\prxtbMyA2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00	39472	------w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Iminent"="c:\program files\Iminent\Iminent.exe" [2013-01-25 1074736]
"IminentMessenger"="c:\program files\Iminent\Iminent.Messengers.exe" [2013-01-25 884784]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-02-04 1513536]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SPUpdSentinel"="c:\program files\Common Files\Umbrella\umbrella_bkp.exe" [2013-04-11 2795048]
.
c:\users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2012-7-20 14134784]
runctf.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll 
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{45741D7D-8C6C-48E5-9E37-D729D5B459CC}: NameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
FF - ProfilePath - c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&ind=2013050121&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw&searchfor=
FF - ExtSQL: 2013-04-30 21:42; 64ffxtbr@TelevisionFanatic.com; c:\users\LinNancyUwe\AppData\Roaming\Mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com
FF - ExtSQL: !HIDDEN! 2010-04-14 20:44; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-04-30 21:48; 64ffxtbr@TelevisionFanatic.com; c:\program files\TelevisionFanatic\bar\1.bin
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Spiele Post - c:\program files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKCU-Run-Hyycu - c:\users\LinNancyUwe\AppData\Roaming\Ydyn\xuuq.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-hpqSRMon - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-1ClickDownload - c:\program files\FTDownloader.com\uninst.exe
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-FUSSBALL MANAGER 2002 - c:\windows\unin0407.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-The Mystery of the Dragon Prince_is1 - d:\spiele\The Mystery of the Dragon Prince\unins000.exe
AddRemove-Zoo Tycoon 1.0 - d:\spiele\Zoo-Tycoon\UNINSTAL.EXE
AddRemove-{0D987FB6-2CB1-4189-B6A1-5E8185E9A899} - c:\program files\Registry Defender Platinum\Uninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{A5633652-3795-4829-BB0B-644F0279E279} - c:\acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-17 20:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Iminent = c:\program files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"???????????????????????????????????????????????????????????????????????????????????? 
  IminentMessenger = c:\program files\Iminent\Iminent.Messengers.exe???????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1616)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Ad-Aware\aawservice.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-17  21:00:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-17 19:00
.
Vor Suchlauf: 78.393.344 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.769.964.032 Bytes frei
.
- - End Of File - - E208A96482A673344D4D9269CDB36CD0
#
         

Alt 17.05.2013, 21:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner Windows Vista - Standard

GVU Trojaner Windows Vista



Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    File::
    c:\programdata\aofolr.js
    c:\users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
             
    Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu GVU Trojaner Windows Vista
ad-aware, autorun, avira, bho, browserprotect.dll, desktop, error, excel, firefox, flash player, google, helper, home, logfile, mindspark, mozilla, object, popup, realtek, recycle.bin, registry, rundll, scan, senden, software, sprotection, trojaner, vista, windows



Ähnliche Themen: GVU Trojaner Windows Vista


  1. GVU Trojaner auf Windows Vista
    Log-Analyse und Auswertung - 19.04.2014 (12)
  2. GVU - Trojaner in Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 09.12.2013 (2)
  3. Windows Vista Trojaner
    Log-Analyse und Auswertung - 09.10.2013 (17)
  4. GVU Trojaner auf windows vista
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (1)
  5. gvu trojaner windows vista
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (23)
  6. GVU Trojaner Windows Vista
    Log-Analyse und Auswertung - 22.07.2013 (1)
  7. GVU/Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (5)
  8. GVU-Trojaner auf Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (1)
  9. GVU- Trojaner Windows Vista
    Log-Analyse und Auswertung - 20.01.2013 (7)
  10. GVU Trojaner , Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (23)
  11. GVU Trojaner 2.07 auf Windows Vista
    Log-Analyse und Auswertung - 28.10.2012 (24)
  12. BKA Trojaner 1.15 (Windows Vista)
    Log-Analyse und Auswertung - 05.10.2012 (37)
  13. GUV Trojaner Windows Vista
    Log-Analyse und Auswertung - 01.08.2012 (3)
  14. Windows Vista GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (8)
  15. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  16. BKA-Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  17. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)

Zum Thema GVU Trojaner Windows Vista - Schönen guten Abend, ich habe mir offensichtlich den GVU-Trojaner eingefangen. Eine Systemwiederherstellung über einen Wiederherstellungspunkt funktioniert nicht. Habe mir im abgesicherten Modus OTL.exe runtergeladen und durchlaufen lassen. Die zwei kreierten - GVU Trojaner Windows Vista...
Archiv
Du betrachtest: GVU Trojaner Windows Vista auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.