Log analysis and evaluation: GVU Trojan 2013 on Vista

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
23.05.2013, 20:42 | #1
GVU Trojan 2013 on Vista

Hello,

I currently have my sister's computer at home. It has the GVU Trojan on it. I am going to wipe the machine in any case, but for the data backup it is surely better to clean the laptop first and then back up the data.

So far I have done the following:
- disabled virtual drives with DeFogger
- scan with OTL
- scan with GMER

At first the lock screen appeared on a normal boot AND when booting into Safe Mode with Networking. After the computer crashed a few times, I strangely get to the desktop normally again. In Safe Mode with Networking, however, the lock screen still appears. So I ran the scans mentioned above in normal mode.

After the OTL scan, AntiVir reported a suspicious detection (JS/Agent.480412), which I then removed. Unfortunately, the GMER scan aborts after a few minutes with a bluescreen!

I hope you can help me clean up this box. A big thank-you in advance! If any information is still missing, just give me a quick hint and I will supply it right away.

Regards,
hornet

Here are the logs:

OLT.txt

Code:
  ATTFilter OTL logfile created on: 23.05.2013 19:35:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,31 Mb Total Physical Memory | 250,36 Mb Available Physical Memory | 24,51% Memory free 2,25 Gb Paging File | 0,95 Gb Available in Paging File | 42,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,66 Gb Total Space | 16,84 Gb Free Space | 30,26% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 54,66 Gb Total Space | 46,22 Gb Free Space | 84,55% Space Free | Partition Type: NTFS Computer Name: VERENAUNDJUERGY | User Name: iiuuzgugz0guzkkk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.23 18:48:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2013.05.07 14:03:41 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2013.05.07 14:03:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.07 01:08:11 | 006,579,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-V4.20-delta.exe PRC - [2013.05.03 15:57:16 | 000,093,832 | ---- | M] (Microsoft Corporation) -- d:\f67f7aabe1058a83d042b5b46dc2e0\mrtstub.exe PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.03.20 13:06:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.20 13:03:30 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.20 13:03:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.11 00:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.11.14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.07.22 22:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:23 | 000,020,480 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\RacAgent.exe PRC - [2007.01.15 17:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007.01.15 17:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2006.12.14 20:07:26 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2006.12.11 18:27:12 | 000,530,552 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.13 11:29:40 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2006.11.07 15:50:50 | 003,772,416 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006.10.27 14:11:02 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe PRC - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2004.06.14 17:18:08 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\agent.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.01.22 21:27:10 | 000,138,576 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll MOD - [2013.01.14 22:36:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.14 22:32:59 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.14 22:30:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll MOD - [2013.01.14 22:30:44 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll MOD - [2013.01.14 22:29:06 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll MOD - [2013.01.14 22:28:04 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll MOD - [2013.01.14 22:27:41 | 007,977,984 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.14 22:26:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.12.12 07:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2011.11.14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2011.11.14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll MOD - [2011.11.14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Programme\MyTomTom 3\QtGui4.dll MOD - [2011.11.14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXmlPatterns4.dll MOD - [2011.11.14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Programme\MyTomTom 3\QtCore4.dll MOD - [2011.11.14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Programme\MyTomTom 3\QtNetwork4.dll MOD - [2011.11.14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXml4.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2006.12.14 15:22:52 | 000,950,272 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll MOD - [2006.12.01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.11.09 19:27:06 | 000,090,112 | ---- | M] () -- 
C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006.10.20 14:49:22 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll MOD - [2006.09.16 23:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2013.05.16 14:46:31 | 000,128,000 | ---- | M] (Hilgraeve, Inc.) [On_Demand | Stopped] -- C:\ProgramData\tjmfco.dat -- (Winmgmt) SRV - [2013.05.16 14:28:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.07 14:03:41 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.04.13 16:05:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.03.20 13:06:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.20 13:03:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.03.20 13:09:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.03.20 13:09:03 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.20 13:09:03 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.20 13:09:02 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007.07.11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007.07.11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.05.09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.03.05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm) DRV - [2006.12.07 21:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.11.21 14:57:36 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2006.11.19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.10.30 10:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.10.28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006.10.23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.05 23:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006.10.05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid) DRV - [2006.08.31 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.07.06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2006.02.14 19:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.02.14 19:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2005.08.01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=cbe26291-5f6d-4268-9f3e-6eb476e7e7e8&apn_sauid=8F1C5B40-F5F6-4637-B78C-635D3AC596C9 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.07.23 19:23:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.04.24 20:25:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 16:06:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.13 16:03:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 16:06:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.13 16:03:39 | 000,000,000 | ---D | M] [2008.09.02 12:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Extensions [2008.08.10 13:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.05.13 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions [2010.05.02 12:42:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.06 20:13:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} 
[2012.07.25 20:06:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.09.12 16:31:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.04.24 20:29:38 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\ffxtlbr@delta.com [2013.04.25 22:04:13 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\toolbar@ask.com [2013.05.13 21:05:33 | 000,620,130 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\toolbar@web.de.xpi [2012.12.11 18:41:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.19 21:09:30 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2013.03.22 22:01:14 | 000,001,050 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\11-suche.xml [2013.04.25 20:10:55 | 000,002,413 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\askcom.xml [2013.05.03 13:33:07 | 000,006,473 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\babylon.xml [2013.05.03 13:33:07 | 000,006,473 | ---- | M] () -- 
C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\BrowserProtect.xml [2013.04.24 20:29:44 | 000,001,294 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\delta.xml [2013.03.22 22:01:15 | 000,002,418 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\englische-ergebnisse.xml [2013.03.22 22:01:14 | 000,010,701 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\gmx-suche.xml [2013.05.12 20:23:07 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-1.xml [2009.02.06 22:17:00 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-10.xml [2009.03.08 21:54:16 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-11.xml [2009.04.05 17:53:34 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-12.xml [2011.03.05 13:29:22 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-13.xml [2011.03.07 21:43:09 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-14.xml [2011.03.26 22:16:25 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-15.xml [2011.04.27 22:03:02 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-16.xml [2011.06.09 20:43:06 | 000,000,950 | 
---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-17.xml
[2011.07.03 17:03:47 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-18.xml
[2011.07.05 22:19:34 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-19.xml
[2008.04.17 19:42:54 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-2.xml
[2011.08.17 19:44:20 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-20.xml
[2011.08.24 20:08:57 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-21.xml
[2011.09.14 17:26:22 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-22.xml
[2011.08.18 21:40:40 | 000,000,618 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-23.xml
[2011.10.04 17:29:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-24.xml
[2011.10.12 12:08:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-25.xml
[2011.11.11 22:38:10 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-26.xml
[2011.11.16 21:36:25 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-27.xml
[2011.12.05 18:27:15 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-28.xml
[2011.12.21 17:16:36 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-29.xml
[2008.07.07 21:23:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-3.xml
[2011.12.21 19:09:31 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-30.xml
[2012.01.09 18:44:33 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-31.xml
[2012.01.12 12:36:43 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-32.xml
[2012.02.09 17:28:19 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-33.xml
[2012.02.16 15:23:57 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-34.xml
[2012.02.21 18:38:08 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-35.xml
[2012.04.01 19:51:11 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-36.xml
[2012.05.16 18:41:17 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-37.xml
[2012.06.14 20:43:28 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-38.xml
[2012.06.26 18:37:33 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-39.xml
[2008.07.09 18:23:18 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-4.xml
[2012.07.30 17:58:23 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-40.xml
[2012.08.16 11:01:02 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-41.xml
[2012.09.04 16:52:30 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-42.xml
[2012.09.11 20:17:48 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-43.xml
[2012.11.02 11:23:39 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-44.xml
[2012.11.06 20:51:31 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-45.xml
[2012.12.11 18:45:00 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-46.xml
[2013.01.22 21:22:37 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-47.xml
[2013.02.09 18:56:18 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-48.xml
[2013.03.12 16:38:05 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-49.xml
[2008.07.23 22:53:11 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-5.xml
[2013.03.17 11:49:56 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-50.xml
[2013.04.15 17:22:27 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-51.xml
[2008.09.02 13:03:09 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-6.xml
[2008.10.12 20:25:46 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-7.xml
[2008.11.13 19:28:55 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-8.xml
[2008.12.18 16:34:30 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin.xml
[2013.03.22 22:01:15 | 000,002,432 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\lastminute.xml
[2013.03.22 22:01:14 | 000,005,682 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\webde-suche.xml
[2013.04.13 16:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 16:03:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.04.13 16:03:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.13 16:06:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 11:01:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.24 20:29:12 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.04 16:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 11:01:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 11:01:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 11:01:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 11:01:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\tjmfco.dat (Hilgraeve, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} https://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{214C0E51-6235-49F0-BCB0-62C3A0472FDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{47206f6b-3bc5-11e2-aced-001167b66309}\Shell - "" = AutoRun
O33 - MountPoints2\{47206f6b-3bc5-11e2-aced-001167b66309}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.16 14:46:31 | 000,128,000 | ---- | C] (Hilgraeve, Inc.) -- C:\ProgramData\tjmfco.dat
[2013.05.16 14:46:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.16 14:46:23 | 000,128,000 | ---- | C] (Hilgraeve, Inc.) -- C:\Users\iiuuzgugz0guzkkk\3251098.dll
[2013.04.25 22:44:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.25 22:43:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.24 20:30:06 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.04.24 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.24 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.04.24 20:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.24 20:28:18 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon
[2013.04.24 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy
[2013.04.24 20:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.24 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.23 19:50:09 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
[2013.05.23 19:26:56 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 19:15:11 | 000,000,000 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\defogger_reenable
[2013.05.23 19:12:51 | 000,013,542 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.001
[2013.05.23 19:08:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 19:08:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 19:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 19:00:18 | 095,023,320 | ---- | M] () -- C:\ProgramData\ocfmjt.pad
[2013.05.16 14:46:59 | 000,000,869 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.05.16 14:46:53 | 000,002,634 | ---- | M] () -- C:\ProgramData\ocfmjt.js
[2013.05.13 22:08:10 | 000,013,542 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.dat
[2013.05.12 21:09:14 | 000,002,637 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\Desktop\Microsoft Office Word 2003.lnk
[2013.04.24 20:26:04 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.23 19:15:11 | 000,000,000 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\defogger_reenable
[2013.05.16 14:46:59 | 000,000,869 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.05.16 14:46:53 | 000,002,634 | ---- | C] () -- C:\ProgramData\ocfmjt.js
[2013.05.16 14:46:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\ocfmjt.pad
[2013.04.24 20:26:04 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2010.11.08 22:46:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.04 21:41:16 | 012,519,424 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\gs864w32.exe
[2008.09.08 14:23:28 | 000,021,396 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mdbu.bin
[2008.02.13 12:59:02 | 000,004,096 | -H-- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\keyfile3.drm
[2007.12.08 12:30:21 | 000,000,104 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\fusioncache.dat
[2007.08.06 20:29:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.02.01 17:53:28 | 000,012,800 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.01 16:40:00 | 000,013,542 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.dat
[2007.02.01 16:40:00 | 000,013,542 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.001
[2007.02.01 16:03:35 | 000,001,356 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.04.24 20:28:18 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon
[2013.05.23 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox
[2013.04.24 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\DVDVideoSoft
[2013.04.24 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.02.21 22:19:50 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\elsterformular
[2013.01.22 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ
[2007.02.18 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ Toolbar
[2013.01.27 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ-Profile
[2007.02.13 23:15:04 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQLite
[2013.01.22 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM
[2007.02.03 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\InterVideo
[2009.06.15 21:36:49 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\LG Electronics
[2008.05.28 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\MAGIX
[2010.10.08 20:43:33 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Notepad++
[2013.04.24 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy
[2009.04.17 20:08:42 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\phonostar-Player
[2012.12.12 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\TeamViewer
[2007.05.14 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ThumbsPlus
[2007.12.28 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\TomTom
[2007.02.12 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\toshiba
[2007.02.07 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Ulead Systems

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Code:
OTL Extras logfile created on: 23.05.2013 19:35:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,31 Mb Total Physical Memory | 250,36 Mb Available Physical Memory | 24,51% Memory free
2,25 Gb Paging File | 0,95 Gb Available in Paging File | 42,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 16,84 Gb Free Space | 30,26% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 54,66 Gb Total Space | 46,22 Gb Free Space | 84,55% Space Free | Partition Type: NTFS
 
Computer Name: VERENAUNDJUERGY | User Name: iiuuzgugz0guzkkk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6085B71C-054C-4A06-91B5-E2E554D6FB35}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{68B52979-1CF8-499E-93DA-3626DB1D7530}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{717859AB-3632-4DD4-9360-6FB765DEF3B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{774F18B9-C3B6-4389-87DE-02BF419B19A8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{79694605-E2AF-439C-A08C-929922A5006A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8F31BA82-D0E2-43A5-B4FB-43914C10518F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9229BC7D-1E40-488F-988A-49F8C064FDEA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98E03507-1402-4004-9FBC-4EB2D16B6857}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0747B95-817D-44BB-86F3-829E10DE47B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06438CD4-7B78-41A6-85D1-FD79C9A8A40E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E927955-515C-479C-A9C0-3050913CF378}" = protocol=6 | dir=out | app=system | 
"{126F65C3-8968-4D68-A60F-8F1D2A00FB4B}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{12C7EFB6-6946-48F7-94B2-8FB7762F640F}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{17368C44-2520-49C9-A1AF-10A199CDA530}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CF5921C-ACD3-477B-9E14-9FDE2F4D377B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43520274-49EB-4236-963F-852206B96BFA}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{435B11D3-3347-4C8B-B25F-F2272CA3DAD0}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{5494B71B-40FA-4A3C-BE6D-A2DA2AFBF2F7}" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\icqm\icq.exe | 
"{60ACD675-BE1D-4562-AB91-AF85A987EA58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D5568DC-48D9-435A-B775-3E114C56E60A}" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"{704C3669-5CAE-409D-AB38-1716D2E8CA9A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{72982F38-3940-419E-B486-A73239D58A4E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7850E609-9C5E-4341-9249-7F9E97B5B22E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82424EFA-6F09-4B39-8EBF-10B376076EC8}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{8954612D-BD16-4B23-BC5D-980FA1BE4FC4}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{928FF804-5B32-482C-B835-8CB1F83730CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{986A46C7-5A13-4D59-9D1B-70143E23C709}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB20474D-7C12-45E8-8292-05A918E055BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AB4135ED-7263-4395-AC74-81A2A84AD581}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{AB547AAB-51B7-4E44-9998-4EA48ABE1449}" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD91D522-5B9D-43B5-9900-C6A1841B24F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CFBCCA02-57C0-48A2-9726-A936CC2AB07B}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{D6B94C9A-A460-416E-B6E2-32EFF03B1C11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0631CFB-6D88-4C8D-9790-3A2E793D907F}" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\icqm\icq.exe | 
"{E2E83AA3-5D4D-4A9F-9A6E-D457B11E4E7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F73DAC55-8802-4A83-9BB1-56F9BC872627}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{FE0FBD38-6761-4574-9816-437569639BC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE282B89-DDA9-42C6-85EA-A02B8A13E534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{03F4B8CC-F00E-41FB-BB75-B330E91249D3}E:\programme\half life 2\hl2.exe" = protocol=6 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"TCP Query User{1A705D14-EF5D-4E4F-855E-60924A8E0283}C:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe | 
"TCP Query User{1BB45E51-E0BF-4821-B3E0-CE6B0A12E450}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{1DB2C82F-4B0D-40D6-9A31-DABF10F12309}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{21DF95ED-48A0-40EF-A1C8-5D0CD9380BD0}E:\programme\motogp2\motogp2.exe" = protocol=6 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"TCP Query User{224A8902-1BB2-4C8C-97A5-9711D76CA20F}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{4272AEEF-FEBF-4ECF-9C3C-0E99049D1C86}E:\programme\konami\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=e:\programme\konami\pro evolution soccer 6\pes6.exe | 
"TCP Query User{55EADE2E-14F4-424F-A206-A0FD94E51E92}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{58E71F4D-5E54-42E9-8443-2A0539D74341}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{5DA763FD-1227-40A4-9C9D-670C5BD43A05}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{62B860ED-B73F-428B-B87B-D3407DD55D24}C:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{858CF3D2-BC0E-4315-A8DD-27FBE4CEC47E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A2203824-9098-43C2-87BB-0E7FA3DC965E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C8DC81EE-057A-43E4-BCE7-DB9665EF82A3}E:\programme\motogp2\motogp2.exe" = protocol=6 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"TCP Query User{C9DAFA5C-0226-4240-806C-DEDF8F19F78E}E:\programme\half life 2\hl2.exe" = protocol=6 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"TCP Query User{E4E6D3E7-5CE9-4A70-A15F-C716A39B6636}E:\programme\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=e:\programme\phonostar\ps_olect.exe | 
"UDP Query User{08D3A357-734A-495F-B121-DF59FE377E3B}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{18FEE142-752F-4D96-AFF8-5D519A0EC63B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{4660A34A-D06F-4978-B711-8EA19A99C12E}C:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe | 
"UDP Query User{4752A7BF-07D7-454F-B5C7-5002278B2BD4}E:\programme\konami\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=e:\programme\konami\pro evolution soccer 6\pes6.exe | 
"UDP Query User{4C788FFF-5440-4149-8999-651B5C2971F9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5E2B20BD-F340-4BB6-ADF5-724EAB72F749}E:\programme\half life 2\hl2.exe" = protocol=17 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"UDP Query User{60CD8BA4-C6BB-46A8-9CCA-067CF826A57A}C:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{720F7885-2E9F-4843-80CC-DAF9E572DBDC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{77CF07F7-34A9-494A-80BD-EEA4531257ED}E:\programme\motogp2\motogp2.exe" = protocol=17 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"UDP Query User{79DEDED8-AA1C-4307-A549-8CF264BC817F}E:\programme\motogp2\motogp2.exe" = protocol=17 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"UDP Query User{82250871-C5E5-429C-8576-4D01C9103A17}E:\programme\half life 2\hl2.exe" = protocol=17 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"UDP Query User{BF145E4E-7A62-468F-956A-337936734B23}E:\programme\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=e:\programme\phonostar\ps_olect.exe | 
"UDP Query User{C1748497-8CD8-43B9-9D93-CD7B754D6416}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CBA0EE3F-613D-4B54-AFFB-22FC01B3D047}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{D7B718A9-CD90-491F-905A-E114CFE3EA0B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{E508114A-4150-4DD0-8376-C5ECF298BC8E}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{74892A2F-57B2-48E4-81C3-1E21E12A470B}" = TOSHIBA Supervisor Password
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B77A308F-85F5-4D68-8CB5-313332CB2779}" = TOSHIBA Hardware Setup
"{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = USB Vibration Joystick
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD90E059-509B-4AEB-8ADA-E9A6C7645671}" = TOSHIBA Benutzerhandbücher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"delta" = Delta toolbar  
"ElsterFormular" = ElsterFormular
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.422
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Updater" = Google Updater
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoGP2_is1" = MotoGP2
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThumbsPlus7x" = ThumbsPlus 7x (deutsch)
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"ICQ" = ICQ 8.0 (build 5988, für aktuellen Benutzer)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2013 13:00:28 | Computer Name = VerenaundJuergy | Source = EventSystem | ID = 4609
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = ESENT | ID = 412
Description = Windows (2528)Windows: Die Kopfzeile der Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
 konnte nicht gelesen werden. Fehler -501.
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = ESENT | ID = 412
Description = Windows (2528)Windows: Die Kopfzeile der Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
 konnte nicht gelesen werden. Fehler -501.
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3058
Description = 
 
[ Media Center Events ]
Error - 02.09.2007 16:14:14 | Computer Name = VerenaundJuergy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide
 
Error - 08.06.2009 13:59:37 | Computer Name = VerenaundJuergy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide
 
[ System Events ]
Error - 23.05.2013 13:00:00 | Computer Name = VERENAUNDJUERGY | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:00 | Computer Name = VERENAUNDJUERGY | Source = LSM | ID = 1048
Description = 
 
Error - 23.05.2013 13:00:14 | Computer Name = VERENAUNDJUERGY | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:28 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:33 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:35 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:35 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:12:01 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:15:02 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10010
Description = 
 
Error - 23.05.2013 13:23:16 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
          | 