Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner 2013 unter Vista

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.05.2013, 20:42   #1
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hallo,
habe gerade den Rechner meiner Schwester zu Hause. Sie hat den GVU Trojaner drauf.
Ich werde den Rechner auf jeden Fall platt machen, nur ist es zur Datensicherung sicherlich besser, den Läppi erst mal zu bereinigen und dann die Daten zu sichern.

Folgendes habe ich bisher durchgeführt:
- virtuelle Laufwerke mit DeFogger deaktiviert
- Scan mit OLT
- Scan mit Gmer

Am Anfang erschien der Sperrbildschirm beim normalen Start UND beim Start im abgesicherten Modus mit Netzwerktreibern. Nachdem der Rechner ein paar mal abgeschmiert ist komme ich komischerweise wieder ganz normal auf den Desktop.
Im abgesicherten Modus mit Netzwerktreibern erscheint der Sperrbildschirm aber immer noch.

Habe also die o.g. Scans im normalen Modus durchegeführt. Nach dem OLT Scan hat mir AntiVir einen verdächtigen Fund (JS/Agent.480412) gemeldet, den ich daraufhin entfernt habe.
Der Scan mit GMER bricht leider nach wenigen Minuten mit einem Bluescreen ab!

Ich hoffe, ihr könnt mir beim Bereinigen der Kiste helfen. Dafür schon mal ein fettes Danke!
Falls noch Infos fehlen, bitten nen kleinen Hinweis, dann reiche ich sie sofort nach.

Gruß hornet

Hier die Logs:
OLT.txt
Code:
ATTFilter
OTL logfile created on: 23.05.2013 19:35:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,31 Mb Total Physical Memory | 250,36 Mb Available Physical Memory | 24,51% Memory free
2,25 Gb Paging File | 0,95 Gb Available in Paging File | 42,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 16,84 Gb Free Space | 30,26% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 54,66 Gb Total Space | 46,22 Gb Free Space | 84,55% Space Free | Partition Type: NTFS
 
Computer Name: VERENAUNDJUERGY | User Name: iiuuzgugz0guzkkk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.23 18:48:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013.05.07 14:03:41 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.05.07 14:03:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.07 01:08:11 | 006,579,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-V4.20-delta.exe
PRC - [2013.05.03 15:57:16 | 000,093,832 | ---- | M] (Microsoft Corporation) -- d:\f67f7aabe1058a83d042b5b46dc2e0\mrtstub.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.03.20 13:06:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.20 13:03:30 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.20 13:03:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.11 00:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.11.14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.07.22 22:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:23 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2007.01.15 17:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.01.15 17:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006.12.14 20:07:26 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2006.12.11 18:27:12 | 000,530,552 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.13 11:29:40 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006.11.07 15:50:50 | 003,772,416 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.27 14:11:02 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe
PRC - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2004.06.14 17:18:08 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\agent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.01.22 21:27:10 | 000,138,576 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
MOD - [2013.01.14 22:36:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.14 22:32:59 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.14 22:30:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
MOD - [2013.01.14 22:30:44 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll
MOD - [2013.01.14 22:29:06 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll
MOD - [2013.01.14 22:28:04 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013.01.14 22:27:41 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.14 22:26:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.12.12 07:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011.11.14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011.11.14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011.11.14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Programme\MyTomTom 3\QtGui4.dll
MOD - [2011.11.14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011.11.14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Programme\MyTomTom 3\QtCore4.dll
MOD - [2011.11.14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Programme\MyTomTom 3\QtNetwork4.dll
MOD - [2011.11.14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXml4.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2006.12.14 15:22:52 | 000,950,272 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll
MOD - [2006.12.01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006.11.09 19:27:06 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006.10.20 14:49:22 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll
MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2006.09.16 23:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2013.05.16 14:46:31 | 000,128,000 | ---- | M] (Hilgraeve, Inc.) [On_Demand | Stopped] -- C:\ProgramData\tjmfco.dat -- (Winmgmt)
SRV - [2013.05.16 14:28:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.07 14:03:41 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.04.13 16:05:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.03.20 13:06:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.20 13:03:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.20 13:09:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.03.20 13:09:03 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.20 13:09:03 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.20 13:09:02 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007.07.11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007.07.11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006.12.07 21:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.21 14:57:36 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2006.11.19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.10.30 10:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.10.28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.10.23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.10.05 23:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006.10.05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006.08.31 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.07.06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.02.14 19:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006.02.14 19:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2005.08.01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=cbe26291-5f6d-4268-9f3e-6eb476e7e7e8&apn_sauid=8F1C5B40-F5F6-4637-B78C-635D3AC596C9
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.07.23 19:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.04.24 20:25:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 16:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.13 16:03:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 16:06:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.13 16:03:39 | 000,000,000 | ---D | M]
 
[2008.09.02 12:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Extensions
[2008.08.10 13:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.13 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions
[2010.05.02 12:42:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.06 20:13:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.07.25 20:06:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.12 16:31:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.04.24 20:29:38 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\ffxtlbr@delta.com
[2013.04.25 22:04:13 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\toolbar@ask.com
[2013.05.13 21:05:33 | 000,620,130 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\toolbar@web.de.xpi
[2012.12.11 18:41:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.19 21:09:30 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.03.22 22:01:14 | 000,001,050 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\11-suche.xml
[2013.04.25 20:10:55 | 000,002,413 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\askcom.xml
[2013.05.03 13:33:07 | 000,006,473 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\babylon.xml
[2013.05.03 13:33:07 | 000,006,473 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\BrowserProtect.xml
[2013.04.24 20:29:44 | 000,001,294 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\delta.xml
[2013.03.22 22:01:15 | 000,002,418 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\englische-ergebnisse.xml
[2013.03.22 22:01:14 | 000,010,701 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\gmx-suche.xml
[2013.05.12 20:23:07 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-1.xml
[2009.02.06 22:17:00 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-10.xml
[2009.03.08 21:54:16 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-11.xml
[2009.04.05 17:53:34 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-12.xml
[2011.03.05 13:29:22 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-13.xml
[2011.03.07 21:43:09 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-14.xml
[2011.03.26 22:16:25 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-15.xml
[2011.04.27 22:03:02 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-16.xml
[2011.06.09 20:43:06 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-17.xml
[2011.07.03 17:03:47 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-18.xml
[2011.07.05 22:19:34 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-19.xml
[2008.04.17 19:42:54 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-2.xml
[2011.08.17 19:44:20 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-20.xml
[2011.08.24 20:08:57 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-21.xml
[2011.09.14 17:26:22 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-22.xml
[2011.08.18 21:40:40 | 000,000,618 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-23.xml
[2011.10.04 17:29:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-24.xml
[2011.10.12 12:08:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-25.xml
[2011.11.11 22:38:10 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-26.xml
[2011.11.16 21:36:25 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-27.xml
[2011.12.05 18:27:15 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-28.xml
[2011.12.21 17:16:36 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-29.xml
[2008.07.07 21:23:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-3.xml
[2011.12.21 19:09:31 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-30.xml
[2012.01.09 18:44:33 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-31.xml
[2012.01.12 12:36:43 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-32.xml
[2012.02.09 17:28:19 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-33.xml
[2012.02.16 15:23:57 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-34.xml
[2012.02.21 18:38:08 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-35.xml
[2012.04.01 19:51:11 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-36.xml
[2012.05.16 18:41:17 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-37.xml
[2012.06.14 20:43:28 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-38.xml
[2012.06.26 18:37:33 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-39.xml
[2008.07.09 18:23:18 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-4.xml
[2012.07.30 17:58:23 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-40.xml
[2012.08.16 11:01:02 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-41.xml
[2012.09.04 16:52:30 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-42.xml
[2012.09.11 20:17:48 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-43.xml
[2012.11.02 11:23:39 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-44.xml
[2012.11.06 20:51:31 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-45.xml
[2012.12.11 18:45:00 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-46.xml
[2013.01.22 21:22:37 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-47.xml
[2013.02.09 18:56:18 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-48.xml
[2013.03.12 16:38:05 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-49.xml
[2008.07.23 22:53:11 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-5.xml
[2013.03.17 11:49:56 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-50.xml
[2013.04.15 17:22:27 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-51.xml
[2008.09.02 13:03:09 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-6.xml
[2008.10.12 20:25:46 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-7.xml
[2008.11.13 19:28:55 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-8.xml
[2008.12.18 16:34:30 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin.xml
[2013.03.22 22:01:15 | 000,002,432 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\lastminute.xml
[2013.03.22 22:01:14 | 000,005,682 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\webde-suche.xml
[2013.04.13 16:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 16:03:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.04.13 16:03:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.13 16:06:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 11:01:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.24 20:29:12 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.04 16:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 11:01:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 11:01:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 11:01:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 11:01:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\tjmfco.dat (Hilgraeve, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} https://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{214C0E51-6235-49F0-BCB0-62C3A0472FDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{47206f6b-3bc5-11e2-aced-001167b66309}\Shell - "" = AutoRun
O33 - MountPoints2\{47206f6b-3bc5-11e2-aced-001167b66309}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 14:46:31 | 000,128,000 | ---- | C] (Hilgraeve, Inc.) -- C:\ProgramData\tjmfco.dat
[2013.05.16 14:46:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.16 14:46:23 | 000,128,000 | ---- | C] (Hilgraeve, Inc.) -- C:\Users\iiuuzgugz0guzkkk\3251098.dll
[2013.04.25 22:44:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.25 22:43:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.24 20:30:06 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.04.24 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.24 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.04.24 20:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.24 20:28:18 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon
[2013.04.24 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy
[2013.04.24 20:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.24 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 19:50:09 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
[2013.05.23 19:26:56 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 19:15:11 | 000,000,000 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\defogger_reenable
[2013.05.23 19:12:51 | 000,013,542 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.001
[2013.05.23 19:08:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 19:08:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 19:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 19:00:18 | 095,023,320 | ---- | M] () -- C:\ProgramData\ocfmjt.pad
[2013.05.16 14:46:59 | 000,000,869 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.05.16 14:46:53 | 000,002,634 | ---- | M] () -- C:\ProgramData\ocfmjt.js
[2013.05.13 22:08:10 | 000,013,542 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.dat
[2013.05.12 21:09:14 | 000,002,637 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\Desktop\Microsoft Office Word 2003.lnk
[2013.04.24 20:26:04 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 19:15:11 | 000,000,000 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\defogger_reenable
[2013.05.16 14:46:59 | 000,000,869 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.05.16 14:46:53 | 000,002,634 | ---- | C] () -- C:\ProgramData\ocfmjt.js
[2013.05.16 14:46:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\ocfmjt.pad
[2013.04.24 20:26:04 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2010.11.08 22:46:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.04 21:41:16 | 012,519,424 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\gs864w32.exe
[2008.09.08 14:23:28 | 000,021,396 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mdbu.bin
[2008.02.13 12:59:02 | 000,004,096 | -H-- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\keyfile3.drm
[2007.12.08 12:30:21 | 000,000,104 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\fusioncache.dat
[2007.08.06 20:29:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.02.01 17:53:28 | 000,012,800 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.01 16:40:00 | 000,013,542 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.dat
[2007.02.01 16:40:00 | 000,013,542 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.001
[2007.02.01 16:03:35 | 000,001,356 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.24 20:28:18 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon
[2013.05.23 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox
[2013.04.24 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\DVDVideoSoft
[2013.04.24 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.02.21 22:19:50 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\elsterformular
[2013.01.22 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ
[2007.02.18 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ Toolbar
[2013.01.27 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ-Profile
[2007.02.13 23:15:04 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQLite
[2013.01.22 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM
[2007.02.03 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\InterVideo
[2009.06.15 21:36:49 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\LG Electronics
[2008.05.28 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\MAGIX
[2010.10.08 20:43:33 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Notepad++
[2013.04.24 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy
[2009.04.17 20:08:42 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\phonostar-Player
[2012.12.12 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\TeamViewer
[2007.05.14 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ThumbsPlus
[2007.12.28 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\TomTom
[2007.02.12 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\toshiba
[2007.02.07 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 23.05.2013 19:35:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,31 Mb Total Physical Memory | 250,36 Mb Available Physical Memory | 24,51% Memory free
2,25 Gb Paging File | 0,95 Gb Available in Paging File | 42,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 16,84 Gb Free Space | 30,26% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 54,66 Gb Total Space | 46,22 Gb Free Space | 84,55% Space Free | Partition Type: NTFS
 
Computer Name: VERENAUNDJUERGY | User Name: iiuuzgugz0guzkkk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6085B71C-054C-4A06-91B5-E2E554D6FB35}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{68B52979-1CF8-499E-93DA-3626DB1D7530}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{717859AB-3632-4DD4-9360-6FB765DEF3B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{774F18B9-C3B6-4389-87DE-02BF419B19A8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{79694605-E2AF-439C-A08C-929922A5006A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8F31BA82-D0E2-43A5-B4FB-43914C10518F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9229BC7D-1E40-488F-988A-49F8C064FDEA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98E03507-1402-4004-9FBC-4EB2D16B6857}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0747B95-817D-44BB-86F3-829E10DE47B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06438CD4-7B78-41A6-85D1-FD79C9A8A40E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E927955-515C-479C-A9C0-3050913CF378}" = protocol=6 | dir=out | app=system | 
"{126F65C3-8968-4D68-A60F-8F1D2A00FB4B}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{12C7EFB6-6946-48F7-94B2-8FB7762F640F}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{17368C44-2520-49C9-A1AF-10A199CDA530}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CF5921C-ACD3-477B-9E14-9FDE2F4D377B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43520274-49EB-4236-963F-852206B96BFA}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{435B11D3-3347-4C8B-B25F-F2272CA3DAD0}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{5494B71B-40FA-4A3C-BE6D-A2DA2AFBF2F7}" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\icqm\icq.exe | 
"{60ACD675-BE1D-4562-AB91-AF85A987EA58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D5568DC-48D9-435A-B775-3E114C56E60A}" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"{704C3669-5CAE-409D-AB38-1716D2E8CA9A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{72982F38-3940-419E-B486-A73239D58A4E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7850E609-9C5E-4341-9249-7F9E97B5B22E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82424EFA-6F09-4B39-8EBF-10B376076EC8}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{8954612D-BD16-4B23-BC5D-980FA1BE4FC4}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{928FF804-5B32-482C-B835-8CB1F83730CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{986A46C7-5A13-4D59-9D1B-70143E23C709}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB20474D-7C12-45E8-8292-05A918E055BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AB4135ED-7263-4395-AC74-81A2A84AD581}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{AB547AAB-51B7-4E44-9998-4EA48ABE1449}" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD91D522-5B9D-43B5-9900-C6A1841B24F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CFBCCA02-57C0-48A2-9726-A936CC2AB07B}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{D6B94C9A-A460-416E-B6E2-32EFF03B1C11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0631CFB-6D88-4C8D-9790-3A2E793D907F}" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\icqm\icq.exe | 
"{E2E83AA3-5D4D-4A9F-9A6E-D457B11E4E7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F73DAC55-8802-4A83-9BB1-56F9BC872627}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{FE0FBD38-6761-4574-9816-437569639BC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE282B89-DDA9-42C6-85EA-A02B8A13E534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{03F4B8CC-F00E-41FB-BB75-B330E91249D3}E:\programme\half life 2\hl2.exe" = protocol=6 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"TCP Query User{1A705D14-EF5D-4E4F-855E-60924A8E0283}C:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe | 
"TCP Query User{1BB45E51-E0BF-4821-B3E0-CE6B0A12E450}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{1DB2C82F-4B0D-40D6-9A31-DABF10F12309}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{21DF95ED-48A0-40EF-A1C8-5D0CD9380BD0}E:\programme\motogp2\motogp2.exe" = protocol=6 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"TCP Query User{224A8902-1BB2-4C8C-97A5-9711D76CA20F}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{4272AEEF-FEBF-4ECF-9C3C-0E99049D1C86}E:\programme\konami\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=e:\programme\konami\pro evolution soccer 6\pes6.exe | 
"TCP Query User{55EADE2E-14F4-424F-A206-A0FD94E51E92}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{58E71F4D-5E54-42E9-8443-2A0539D74341}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{5DA763FD-1227-40A4-9C9D-670C5BD43A05}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{62B860ED-B73F-428B-B87B-D3407DD55D24}C:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{858CF3D2-BC0E-4315-A8DD-27FBE4CEC47E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A2203824-9098-43C2-87BB-0E7FA3DC965E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C8DC81EE-057A-43E4-BCE7-DB9665EF82A3}E:\programme\motogp2\motogp2.exe" = protocol=6 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"TCP Query User{C9DAFA5C-0226-4240-806C-DEDF8F19F78E}E:\programme\half life 2\hl2.exe" = protocol=6 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"TCP Query User{E4E6D3E7-5CE9-4A70-A15F-C716A39B6636}E:\programme\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=e:\programme\phonostar\ps_olect.exe | 
"UDP Query User{08D3A357-734A-495F-B121-DF59FE377E3B}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{18FEE142-752F-4D96-AFF8-5D519A0EC63B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{4660A34A-D06F-4978-B711-8EA19A99C12E}C:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe | 
"UDP Query User{4752A7BF-07D7-454F-B5C7-5002278B2BD4}E:\programme\konami\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=e:\programme\konami\pro evolution soccer 6\pes6.exe | 
"UDP Query User{4C788FFF-5440-4149-8999-651B5C2971F9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5E2B20BD-F340-4BB6-ADF5-724EAB72F749}E:\programme\half life 2\hl2.exe" = protocol=17 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"UDP Query User{60CD8BA4-C6BB-46A8-9CCA-067CF826A57A}C:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{720F7885-2E9F-4843-80CC-DAF9E572DBDC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{77CF07F7-34A9-494A-80BD-EEA4531257ED}E:\programme\motogp2\motogp2.exe" = protocol=17 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"UDP Query User{79DEDED8-AA1C-4307-A549-8CF264BC817F}E:\programme\motogp2\motogp2.exe" = protocol=17 | dir=in | app=e:\programme\motogp2\motogp2.exe | 
"UDP Query User{82250871-C5E5-429C-8576-4D01C9103A17}E:\programme\half life 2\hl2.exe" = protocol=17 | dir=in | app=e:\programme\half life 2\hl2.exe | 
"UDP Query User{BF145E4E-7A62-468F-956A-337936734B23}E:\programme\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=e:\programme\phonostar\ps_olect.exe | 
"UDP Query User{C1748497-8CD8-43B9-9D93-CD7B754D6416}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CBA0EE3F-613D-4B54-AFFB-22FC01B3D047}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{D7B718A9-CD90-491F-905A-E114CFE3EA0B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{E508114A-4150-4DD0-8376-C5ECF298BC8E}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{74892A2F-57B2-48E4-81C3-1E21E12A470B}" = TOSHIBA Supervisor Password
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B77A308F-85F5-4D68-8CB5-313332CB2779}" = TOSHIBA Hardware Setup
"{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = USB Vibration Joystick
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD90E059-509B-4AEB-8ADA-E9A6C7645671}" = TOSHIBA Benutzerhandbücher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"delta" = Delta toolbar  
"ElsterFormular" = ElsterFormular
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.422
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Updater" = Google Updater
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoGP2_is1" = MotoGP2
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThumbsPlus7x" = ThumbsPlus 7x (deutsch)
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"ICQ" = ICQ 8.0 (build 5988, für aktuellen Benutzer)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2013 13:00:28 | Computer Name = VerenaundJuergy | Source = EventSystem | ID = 4609
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = ESENT | ID = 412
Description = Windows (2528)Windows: Die Kopfzeile der Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
 konnte nicht gelesen werden. Fehler -501.
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = ESENT | ID = 412
Description = Windows (2528)Windows: Die Kopfzeile der Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
 konnte nicht gelesen werden. Fehler -501.
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3058
Description = 
 
[ Media Center Events ]
Error - 02.09.2007 16:14:14 | Computer Name = VerenaundJuergy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 08.06.2009 13:59:37 | Computer Name = VerenaundJuergy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 23.05.2013 13:00:00 | Computer Name = VERENAUNDJUERGY | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:00 | Computer Name = VERENAUNDJUERGY | Source = LSM | ID = 1048
Description = 
 
Error - 23.05.2013 13:00:14 | Computer Name = VERENAUNDJUERGY | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:28 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:33 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:35 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:35 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:12:01 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:15:02 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10010
Description = 
 
Error - 23.05.2013 13:23:16 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Alt 23.05.2013, 21:06   #2
markusg
/// Malware-holic
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\tjmfco.dat (Hilgraeve, Inc.)
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________

__________________

Alt 24.05.2013, 06:48   #3
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
vielen Dank für die schnelle Antwort!

Der Fix ist durchgelaufen und der Upload hat auch problemlos funktioniert.
Hier das Log-File:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
File move failed. C:\ProgramData\tjmfco.dat scheduled to be moved on reboot.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 49595 bytes
->Temporary Internet Files folder emptied: 106942 bytes
 
User: iiuuzgugz0guzkkk
->Temp folder emptied: 520363313 bytes
->Temporary Internet Files folder emptied: 199125496 bytes
->Java cache emptied: 59035993 bytes
->FireFox cache emptied: 331691628 bytes
->Flash cache emptied: 30637 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80947444 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.136,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05242013_063935

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\tjmfco.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________

Alt 24.05.2013, 10:16   #4
markusg
/// Malware-holic
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



THX
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

b
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.05.2013, 00:06   #5
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
das LogFile von TDSSKiller:
Code:
ATTFilter
00:58:46.0205 5648  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:58:46.0326 5648  ============================================================
00:58:46.0326 5648  Current date / time: 2013/05/25 00:58:46.0326
00:58:46.0326 5648  SystemInfo:
00:58:46.0326 5648  
00:58:46.0327 5648  OS Version: 6.0.6002 ServicePack: 2.0
00:58:46.0327 5648  Product type: Workstation
00:58:46.0327 5648  ComputerName: VERENAUNDJUERGY
00:58:46.0327 5648  UserName: iiuuzgugz0guzkkk
00:58:46.0327 5648  Windows directory: C:\Windows
00:58:46.0327 5648  System windows directory: C:\Windows
00:58:46.0327 5648  Processor architecture: Intel x86
00:58:46.0328 5648  Number of processors: 2
00:58:46.0328 5648  Page size: 0x1000
00:58:46.0328 5648  Boot type: Normal boot
00:58:46.0328 5648  ============================================================
00:58:52.0432 5648  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:58:52.0436 5648  Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:58:52.0445 5648  ============================================================
00:58:52.0445 5648  \Device\Harddisk0\DR0:
00:58:52.0456 5648  MBR partitions:
00:58:52.0456 5648  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6F54000
00:58:52.0456 5648  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7242800, BlocksNum 0x6D51800
00:58:52.0456 5648  \Device\Harddisk1\DR2:
00:58:52.0457 5648  MBR partitions:
00:58:52.0457 5648  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
00:58:52.0457 5648  ============================================================
00:58:52.0487 5648  C: <-> \Device\Harddisk0\DR0\Partition1
00:58:52.0634 5648  E: <-> \Device\Harddisk0\DR0\Partition2
00:58:52.0654 5648  D: <-> \Device\Harddisk1\DR2\Partition1
00:58:52.0655 5648  ============================================================
00:58:52.0655 5648  Initialize success
00:58:52.0655 5648  ============================================================
00:59:46.0277 2376  ============================================================
00:59:46.0277 2376  Scan started
00:59:46.0277 2376  Mode: Manual; SigCheck; TDLFS; 
00:59:46.0277 2376  ============================================================
00:59:53.0211 2376  ================ Scan system memory ========================
00:59:53.0211 2376  System memory - ok
00:59:53.0212 2376  ================ Scan services =============================
00:59:53.0726 2376  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
00:59:54.0394 2376  AAV UpdateService - ok
00:59:55.0044 2376  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
00:59:55.0193 2376  ACPI - ok
00:59:55.0296 2376  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:59:55.0419 2376  AdobeFlashPlayerUpdateSvc - ok
00:59:55.0609 2376  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:59:55.0850 2376  adp94xx - ok
00:59:55.0917 2376  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:59:56.0026 2376  adpahci - ok
00:59:56.0093 2376  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
00:59:56.0397 2376  adpu160m - ok
00:59:56.0461 2376  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:59:56.0562 2376  adpu320 - ok
00:59:56.0733 2376  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:59:57.0005 2376  AeLookupSvc - ok
00:59:57.0132 2376  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
00:59:57.0365 2376  AFD - ok
00:59:57.0412 2376  [ 1CB677BF1DABD3BAF4F944E2C90D6C73 ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
00:59:57.0512 2376  AgereModemAudio - ok
00:59:57.0828 2376  [ 4E6294A06BE883C9BD685A8DFD9FCD4E ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
00:59:58.0144 2376  AgereSoftModem - ok
00:59:58.0250 2376  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:59:58.0348 2376  agp440 - ok
00:59:58.0467 2376  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
00:59:58.0541 2376  aic78xx - ok
00:59:58.0623 2376  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
00:59:59.0175 2376  ALG - ok
00:59:59.0231 2376  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:59:59.0336 2376  aliide - ok
00:59:59.0410 2376  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
00:59:59.0468 2376  amdagp - ok
00:59:59.0498 2376  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
00:59:59.0582 2376  amdide - ok
00:59:59.0691 2376  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
01:00:00.0026 2376  AmdK7 - ok
01:00:00.0072 2376  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
01:00:00.0311 2376  AmdK8 - ok
01:00:00.0542 2376  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
01:00:00.0651 2376  AntiVirSchedulerService - ok
01:00:00.0722 2376  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
01:00:00.0775 2376  AntiVirService - ok
01:00:00.0928 2376  [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
01:00:01.0075 2376  AntiVirWebService - ok
01:00:01.0164 2376  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
01:00:01.0298 2376  Appinfo - ok
01:00:01.0557 2376  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:00:01.0615 2376  Apple Mobile Device - ok
01:00:01.0752 2376  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
01:00:01.0830 2376  arc - ok
01:00:01.0888 2376  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
01:00:02.0061 2376  arcsas - ok
01:00:02.0168 2376  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:00:02.0333 2376  AsyncMac - ok
01:00:02.0464 2376  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
01:00:02.0509 2376  atapi - ok
01:00:02.0659 2376  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:00:02.0833 2376  AudioEndpointBuilder - ok
01:00:02.0963 2376  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
01:00:03.0054 2376  Audiosrv - ok
01:00:03.0195 2376  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
01:00:03.0308 2376  avgntflt - ok
01:00:03.0383 2376  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
01:00:03.0484 2376  avipbb - ok
01:00:03.0574 2376  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
01:00:03.0685 2376  avkmgr - ok
01:00:03.0776 2376  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:00:03.0945 2376  Beep - ok
01:00:04.0112 2376  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
01:00:04.0592 2376  BFE - ok
01:00:05.0015 2376  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
01:00:05.0330 2376  BITS - ok
01:00:05.0342 2376  blbdrive - ok
01:00:05.0468 2376  [ 852A1BD08E7DFEB9E30B5440881C0501 ] BlueletAudio    C:\Windows\system32\DRIVERS\blueletaudio.sys
01:00:05.0563 2376  BlueletAudio - ok
01:00:05.0659 2376  [ 8FC27B12A02B43947787F0EF1885DF9B ] BlueletSCOAudio C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
01:00:05.0821 2376  BlueletSCOAudio - ok
01:00:05.0972 2376  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:00:06.0063 2376  Bonjour Service - ok
01:00:06.0154 2376  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:00:06.0329 2376  bowser - ok
01:00:06.0378 2376  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
01:00:06.0516 2376  BrFiltLo - ok
01:00:06.0545 2376  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
01:00:06.0656 2376  BrFiltUp - ok
01:00:06.0768 2376  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
01:00:06.0925 2376  Browser - ok
01:00:07.0686 2376  [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
01:00:08.0302 2376  BrowserProtect - ok
01:00:08.0375 2376  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
01:00:08.0575 2376  Brserid - ok
01:00:08.0609 2376  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
01:00:08.0803 2376  BrSerWdm - ok
01:00:08.0961 2376  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
01:00:09.0382 2376  BrUsbMdm - ok
01:00:09.0552 2376  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
01:00:09.0969 2376  BrUsbSer - ok
01:00:10.0080 2376  [ C5CCE2B26F73F8CF7F3C82159E79AA08 ] BT              C:\Windows\system32\DRIVERS\btnetdrv.sys
01:00:10.0310 2376  BT - ok
01:00:10.0415 2376  [ DA473D279420234170DA795F1CAD4479 ] Btcsrusb        C:\Windows\system32\Drivers\btcusb.sys
01:00:10.0493 2376  Btcsrusb - ok
01:00:10.0570 2376  [ CE643D0918123D76A5CAAB008FCA9663 ] BTHidEnum       C:\Windows\system32\Drivers\vbtenum.sys
01:00:10.0664 2376  BTHidEnum - ok
01:00:10.0705 2376  [ DFCA4FE4C8AEC786B4D0F432EB730F48 ] BTHidMgr        C:\Windows\system32\Drivers\BTHidMgr.sys
01:00:10.0797 2376  BTHidMgr - ok
01:00:10.0885 2376  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
01:00:11.0151 2376  BTHMODEM - ok
01:00:11.0286 2376  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:00:11.0467 2376  cdfs - ok
01:00:11.0605 2376  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
01:00:11.0771 2376  cdrom - ok
01:00:11.0863 2376  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
01:00:11.0978 2376  CertPropSvc - ok
01:00:12.0293 2376  [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
01:00:12.0368 2376  CFSvcs ( UnsignedFile.Multi.Generic ) - warning
01:00:12.0368 2376  CFSvcs - detected UnsignedFile.Multi.Generic (1)
01:00:12.0421 2376  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
01:00:12.0623 2376  circlass - ok
01:00:12.0757 2376  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
01:00:12.0849 2376  CLFS - ok
01:00:13.0003 2376  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:00:13.0092 2376  clr_optimization_v2.0.50727_32 - ok
01:00:13.0181 2376  CLTNetCnService - ok
01:00:13.0321 2376  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:00:13.0520 2376  CmBatt - ok
01:00:13.0613 2376  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:00:13.0750 2376  cmdide - ok
01:00:13.0815 2376  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:00:13.0908 2376  Compbatt - ok
01:00:13.0922 2376  COMSysApp - ok
01:00:14.0027 2376  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
01:00:14.0080 2376  crcdisk - ok
01:00:14.0126 2376  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
01:00:14.0371 2376  Crusoe - ok
01:00:14.0537 2376  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:00:14.0987 2376  CryptSvc - ok
01:00:15.0362 2376  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:00:15.0807 2376  DcomLaunch - ok
01:00:15.0901 2376  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:00:16.0056 2376  DfsC - ok
01:00:16.0318 2376  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
01:00:16.0878 2376  DFSR - ok
01:00:17.0034 2376  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
01:00:17.0170 2376  Dhcp - ok
01:00:17.0290 2376  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
01:00:17.0374 2376  disk - ok
01:00:17.0476 2376  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:00:17.0620 2376  Dnscache - ok
01:00:17.0701 2376  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:00:17.0853 2376  dot3svc - ok
01:00:17.0920 2376  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
01:00:18.0048 2376  DPS - ok
01:00:18.0166 2376  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:00:18.0380 2376  drmkaud - ok
01:00:18.0621 2376  [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:00:19.0095 2376  DXGKrnl - ok
01:00:19.0161 2376  [ D00EEAE1CACD77A1A8396BBC19140BBA ] E100B           C:\Windows\system32\DRIVERS\e100b325.sys
01:00:19.0365 2376  E100B - ok
01:00:19.0624 2376  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
01:00:20.0204 2376  E1G60 - ok
01:00:20.0328 2376  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
01:00:20.0484 2376  EapHost - ok
01:00:20.0618 2376  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
01:00:20.0718 2376  Ecache - ok
01:00:21.0172 2376  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:00:21.0531 2376  ehRecvr - ok
01:00:21.0576 2376  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
01:00:22.0216 2376  ehSched - ok
01:00:22.0353 2376  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
01:00:22.0530 2376  ehstart - ok
01:00:22.0738 2376  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
01:00:22.0893 2376  elxstor - ok
01:00:23.0098 2376  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
01:00:23.0553 2376  EMDMgmt - ok
01:00:23.0712 2376  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
01:00:24.0334 2376  EventSystem - ok
01:00:24.0447 2376  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
01:00:24.0693 2376  exfat - ok
01:00:24.0801 2376  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:00:24.0981 2376  fastfat - ok
01:00:25.0142 2376  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:00:25.0424 2376  fdc - ok
01:00:25.0620 2376  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:00:25.0762 2376  fdPHost - ok
01:00:25.0893 2376  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:00:26.0203 2376  FDResPub - ok
01:00:26.0280 2376  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:00:26.0391 2376  FileInfo - ok
01:00:26.0453 2376  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:00:27.0081 2376  Filetrace - ok
01:00:27.0123 2376  FirebirdServerMAGIXInstance - ok
01:00:27.0232 2376  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:00:27.0537 2376  flpydisk - ok
01:00:27.0667 2376  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:00:27.0792 2376  FltMgr - ok
01:00:27.0878 2376  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:00:27.0922 2376  FontCache3.0.0.0 - ok
01:00:27.0967 2376  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:00:28.0191 2376  Fs_Rec - ok
01:00:28.0238 2376  [ CBC22823628544735625B280665E434E ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
01:00:28.0339 2376  FwLnk - ok
01:00:28.0450 2376  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
01:00:28.0634 2376  gagp30kx - ok
01:00:28.0684 2376  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:00:28.0762 2376  GEARAspiWDM - ok
01:00:28.0969 2376  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
01:00:29.0141 2376  gpsvc - ok
01:00:29.0467 2376  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:00:29.0537 2376  gusvc - ok
01:00:29.0700 2376  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:00:29.0991 2376  HdAudAddService - ok
01:00:30.0223 2376  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
01:00:30.0448 2376  HDAudBus - ok
01:00:30.0495 2376  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
01:00:30.0702 2376  HidBth - ok
01:00:30.0774 2376  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
01:00:30.0986 2376  HidIr - ok
01:00:31.0049 2376  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
01:00:31.0203 2376  hidserv - ok
01:00:31.0317 2376  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:00:31.0502 2376  HidUsb - ok
01:00:31.0617 2376  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:00:31.0786 2376  hkmsvc - ok
01:00:31.0906 2376  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
01:00:32.0210 2376  HpCISSs - ok
01:00:32.0290 2376  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:00:32.0494 2376  HTTP - ok
01:00:32.0723 2376  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
01:00:32.0933 2376  i2omp - ok
01:00:33.0067 2376  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
01:00:33.0288 2376  i8042prt - ok
01:00:33.0405 2376  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
01:00:33.0570 2376  iaStorV - ok
01:00:33.0666 2376  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
01:00:33.0822 2376  IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:00:33.0822 2376  IDriverT - detected UnsignedFile.Multi.Generic (1)
01:00:34.0021 2376  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:00:34.0244 2376  idsvc - ok
01:00:34.0274 2376  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
01:00:34.0346 2376  iirsp - ok
01:00:34.0519 2376  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
01:00:34.0776 2376  IKEEXT - ok
01:00:35.0046 2376  [ 2690BE9907B36B7C3EA2859C74926FA1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
01:00:35.0288 2376  IntcAzAudAddService - ok
01:00:35.0411 2376  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
01:00:35.0496 2376  intelide - ok
01:00:35.0549 2376  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:00:35.0696 2376  intelppm - ok
01:00:35.0758 2376  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:00:35.0927 2376  IPBusEnum - ok
01:00:36.0020 2376  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:00:36.0432 2376  IpFilterDriver - ok
01:00:36.0472 2376  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:00:36.0620 2376  iphlpsvc - ok
01:00:36.0630 2376  IpInIp - ok
01:00:36.0710 2376  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
01:00:36.0917 2376  IPMIDRV - ok
01:00:36.0971 2376  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
01:00:37.0116 2376  IPNAT - ok
01:00:37.0197 2376  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
01:00:37.0312 2376  iPod Service - ok
01:00:37.0416 2376  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:00:37.0579 2376  IRENUM - ok
01:00:37.0670 2376  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:00:37.0792 2376  isapnp - ok
01:00:37.0907 2376  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
01:00:38.0011 2376  iScsiPrt - ok
01:00:38.0146 2376  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
01:00:38.0349 2376  iteatapi - ok
01:00:38.0420 2376  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
01:00:38.0502 2376  iteraid - ok
01:00:38.0569 2376  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:00:38.0650 2376  kbdclass - ok
01:00:38.0770 2376  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
01:00:39.0022 2376  kbdhid - ok
01:00:39.0084 2376  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
01:00:39.0255 2376  KeyIso - ok
01:00:39.0375 2376  [ 1E0D65F7FFEB4E99B2EEC1CCB5754CC8 ] KR10I           C:\Windows\system32\drivers\kr10i.sys
01:00:39.0476 2376  KR10I - ok
01:00:39.0597 2376  [ 0F9E83709CBB60B1549F3A65D0AB6E4F ] KR10N           C:\Windows\system32\drivers\kr10n.sys
01:00:39.0845 2376  KR10N - ok
01:00:40.0045 2376  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:00:40.0360 2376  KSecDD - ok
01:00:40.0444 2376  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:00:40.0654 2376  KtmRm - ok
01:00:40.0751 2376  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:00:40.0905 2376  LanmanServer - ok
01:00:41.0050 2376  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:00:41.0279 2376  LanmanWorkstation - ok
01:00:41.0370 2376  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:00:41.0536 2376  lltdio - ok
01:00:41.0726 2376  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:00:41.0938 2376  lltdsvc - ok
01:00:41.0990 2376  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:00:42.0233 2376  lmhosts - ok
01:00:42.0301 2376  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
01:00:42.0372 2376  LSI_FC - ok
01:00:42.0495 2376  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
01:00:42.0574 2376  LSI_SAS - ok
01:00:42.0628 2376  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
01:00:42.0689 2376  LSI_SCSI - ok
01:00:42.0751 2376  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
01:00:42.0883 2376  luafv - ok
01:00:42.0963 2376  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:00:43.0069 2376  Mcx2Svc - ok
01:00:43.0204 2376  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
01:00:43.0291 2376  megasas - ok
01:00:43.0420 2376  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
01:00:43.0631 2376  MMCSS - ok
01:00:43.0852 2376  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
01:00:44.0004 2376  Modem - ok
01:00:44.0157 2376  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:00:44.0427 2376  monitor - ok
01:00:44.0504 2376  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:00:44.0585 2376  mouclass - ok
01:00:44.0680 2376  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:00:44.0819 2376  mouhid - ok
01:00:44.0891 2376  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
01:00:45.0021 2376  MountMgr - ok
01:00:45.0203 2376  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:00:45.0303 2376  MozillaMaintenance - ok
01:00:45.0385 2376  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:00:45.0473 2376  mpio - ok
01:00:45.0552 2376  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:00:45.0745 2376  mpsdrv - ok
01:00:45.0999 2376  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:00:46.0245 2376  MpsSvc - ok
01:00:46.0330 2376  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
01:00:46.0432 2376  Mraid35x - ok
01:00:46.0547 2376  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:00:46.0680 2376  MRxDAV - ok
01:00:46.0759 2376  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:00:46.0920 2376  mrxsmb - ok
01:00:47.0079 2376  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:00:47.0464 2376  mrxsmb10 - ok
01:00:47.0570 2376  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:00:47.0743 2376  mrxsmb20 - ok
01:00:47.0803 2376  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:00:47.0933 2376  msahci - ok
01:00:47.0990 2376  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:00:48.0183 2376  msdsm - ok
01:00:48.0265 2376  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
01:00:48.0527 2376  MSDTC - ok
01:00:48.0672 2376  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:00:48.0851 2376  Msfs - ok
01:00:49.0152 2376  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:00:49.0273 2376  msisadrv - ok
01:00:49.0324 2376  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:00:49.0616 2376  MSiSCSI - ok
01:00:49.0626 2376  msiserver - ok
01:00:49.0704 2376  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:00:49.0849 2376  MSKSSRV - ok
01:00:49.0907 2376  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:00:50.0063 2376  MSPCLOCK - ok
01:00:50.0243 2376  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:00:50.0356 2376  MSPQM - ok
01:00:50.0431 2376  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:00:50.0633 2376  MsRPC - ok
01:00:50.0679 2376  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
01:00:50.0770 2376  mssmbios - ok
01:00:50.0807 2376  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:00:50.0934 2376  MSTEE - ok
01:00:50.0996 2376  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
01:00:51.0075 2376  Mup - ok
01:00:51.0146 2376  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
01:00:51.0296 2376  napagent - ok
01:00:51.0348 2376  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:00:51.0437 2376  NativeWifiP - ok
01:00:51.0713 2376  [ 89844C3D3A7AAE8999E229C88E452633 ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
01:00:52.0082 2376  NBService ( UnsignedFile.Multi.Generic ) - warning
01:00:52.0082 2376  NBService - detected UnsignedFile.Multi.Generic (1)
01:00:52.0152 2376  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:00:52.0397 2376  NDIS - ok
01:00:52.0442 2376  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:00:52.0578 2376  NdisTapi - ok
01:00:52.0631 2376  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:00:52.0805 2376  Ndisuio - ok
01:00:52.0887 2376  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:00:52.0981 2376  NdisWan - ok
01:00:53.0019 2376  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:00:53.0197 2376  NDProxy - ok
01:00:53.0261 2376  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:00:53.0444 2376  NetBIOS - ok
01:00:53.0526 2376  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
01:00:53.0668 2376  netbt - ok
01:00:53.0703 2376  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
01:00:53.0753 2376  Netlogon - ok
01:00:53.0801 2376  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
01:00:53.0924 2376  Netman - ok
01:00:54.0006 2376  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
01:00:54.0152 2376  netprofm - ok
01:00:54.0222 2376  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:00:54.0347 2376  NetTcpPortSharing - ok
01:00:54.0645 2376  [ ACC6170D80C69E50145B370023B64ED3 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
01:00:55.0227 2376  NETw3v32 - ok
01:00:55.0893 2376  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
01:00:56.0171 2376  NETw4v32 - ok
01:00:56.0388 2376  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
01:00:56.0525 2376  nfrd960 - ok
01:00:56.0700 2376  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:00:56.0826 2376  NlaSvc - ok
01:00:56.0999 2376  [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
01:00:57.0052 2376  NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
01:00:57.0053 2376  NMIndexingService - detected UnsignedFile.Multi.Generic (1)
01:00:57.0089 2376  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:00:57.0218 2376  Npfs - ok
01:00:57.0271 2376  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
01:00:57.0402 2376  nsi - ok
01:00:57.0490 2376  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:00:57.0696 2376  nsiproxy - ok
01:00:57.0999 2376  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:00:58.0667 2376  Ntfs - ok
01:00:58.0738 2376  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
01:00:58.0944 2376  ntrigdigi - ok
01:00:59.0051 2376  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
01:00:59.0194 2376  Null - ok
01:01:00.0166 2376  [ B02587FA997723297384C95F424E78FA ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:01:02.0385 2376  nvlddmkm - ok
01:01:02.0434 2376  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:01:02.0533 2376  nvraid - ok
01:01:02.0566 2376  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:01:02.0630 2376  nvstor - ok
01:01:02.0708 2376  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:01:02.0809 2376  nv_agp - ok
01:01:02.0833 2376  NwlnkFlt - ok
01:01:02.0849 2376  NwlnkFwd - ok
01:01:02.0916 2376  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
01:01:03.0044 2376  ohci1394 - ok
01:01:03.0205 2376  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:01:03.0284 2376  ose - ok
01:01:03.0538 2376  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
01:01:03.0890 2376  p2pimsvc - ok
01:01:04.0078 2376  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:01:04.0258 2376  p2psvc - ok
01:01:04.0363 2376  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
01:01:04.0571 2376  Parport - ok
01:01:04.0631 2376  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:01:04.0727 2376  partmgr - ok
01:01:04.0792 2376  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
01:01:05.0026 2376  Parvdm - ok
01:01:05.0142 2376  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:01:05.0288 2376  PcaSvc - ok
01:01:05.0379 2376  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
01:01:05.0458 2376  pci - ok
01:01:05.0533 2376  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
01:01:05.0789 2376  pciide - ok
01:01:05.0976 2376  [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:01:06.0196 2376  pcmcia - ok
01:01:06.0450 2376  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:01:06.0788 2376  PEAUTH - ok
01:01:07.0017 2376  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
01:01:07.0462 2376  pla - ok
01:01:07.0667 2376  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:01:07.0840 2376  PlugPlay - ok
01:01:07.0956 2376  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
01:01:08.0032 2376  PNRPAutoReg - ok
01:01:08.0093 2376  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
01:01:08.0195 2376  PNRPsvc - ok
01:01:08.0316 2376  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:01:08.0454 2376  PolicyAgent - ok
01:01:08.0563 2376  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:01:08.0737 2376  PptpMiniport - ok
01:01:08.0773 2376  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
01:01:08.0957 2376  Processor - ok
01:01:09.0035 2376  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:01:09.0158 2376  ProfSvc - ok
01:01:09.0203 2376  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:01:09.0276 2376  ProtectedStorage - ok
01:01:09.0333 2376  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
01:01:09.0416 2376  PSched - ok
01:01:09.0523 2376  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
01:01:09.0879 2376  ql2300 - ok
01:01:09.0950 2376  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
01:01:10.0080 2376  ql40xx - ok
01:01:10.0176 2376  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
01:01:10.0347 2376  QWAVE - ok
01:01:10.0393 2376  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:01:10.0479 2376  QWAVEdrv - ok
01:01:10.0520 2376  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:01:10.0654 2376  RasAcd - ok
01:01:10.0758 2376  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
01:01:10.0927 2376  RasAuto - ok
01:01:10.0998 2376  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:01:11.0184 2376  Rasl2tp - ok
01:01:11.0362 2376  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
01:01:11.0522 2376  RasMan - ok
01:01:11.0610 2376  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:01:11.0750 2376  RasPppoe - ok
01:01:11.0795 2376  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:01:11.0971 2376  RasSstp - ok
01:01:12.0028 2376  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:01:12.0202 2376  rdbss - ok
01:01:12.0274 2376  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:01:12.0429 2376  RDPCDD - ok
01:01:12.0509 2376  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
01:01:12.0770 2376  rdpdr - ok
01:01:12.0796 2376  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:01:12.0998 2376  RDPENCDD - ok
01:01:13.0082 2376  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:01:13.0382 2376  RDPWD - ok
01:01:13.0503 2376  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:01:13.0652 2376  RemoteAccess - ok
01:01:13.0803 2376  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:01:13.0978 2376  RemoteRegistry - ok
01:01:14.0050 2376  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
01:01:14.0323 2376  ROOTMODEM - ok
01:01:14.0367 2376  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
01:01:14.0598 2376  RpcLocator - ok
01:01:14.0769 2376  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
01:01:15.0080 2376  RpcSs - ok
01:01:15.0152 2376  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:01:15.0438 2376  rspndr - ok
01:01:15.0469 2376  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
01:01:15.0517 2376  SamSs - ok
01:01:15.0589 2376  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:01:15.0789 2376  sbp2port - ok
01:01:15.0919 2376  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:01:16.0098 2376  SCardSvr - ok
01:01:16.0583 2376  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
01:01:17.0371 2376  Schedule - ok
01:01:17.0404 2376  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:01:17.0478 2376  SCPolicySvc - ok
01:01:17.0528 2376  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
01:01:17.0764 2376  sdbus - ok
01:01:17.0855 2376  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:01:18.0260 2376  SDRSVC - ok
01:01:18.0329 2376  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:01:18.0567 2376  secdrv - ok
01:01:18.0638 2376  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
01:01:18.0824 2376  seclogon - ok
01:01:18.0860 2376  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
01:01:19.0030 2376  SENS - ok
01:01:19.0109 2376  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
01:01:19.0356 2376  Serenum - ok
01:01:19.0409 2376  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
01:01:19.0768 2376  Serial - ok
01:01:19.0842 2376  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
01:01:20.0019 2376  sermouse - ok
01:01:20.0125 2376  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:01:20.0271 2376  SessionEnv - ok
01:01:20.0375 2376  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
01:01:20.0514 2376  sffdisk - ok
01:01:20.0574 2376  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:01:20.0831 2376  sffp_mmc - ok
01:01:20.0927 2376  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
01:01:21.0051 2376  sffp_sd - ok
01:01:21.0111 2376  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
01:01:21.0300 2376  sfloppy - ok
01:01:21.0382 2376  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:01:21.0659 2376  SharedAccess - ok
01:01:21.0829 2376  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:01:21.0994 2376  ShellHWDetection - ok
01:01:22.0181 2376  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
01:01:22.0604 2376  sisagp - ok
01:01:22.0658 2376  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
01:01:22.0996 2376  SiSRaid2 - ok
01:01:23.0089 2376  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
01:01:23.0251 2376  SiSRaid4 - ok
01:01:23.0515 2376  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
01:01:23.0665 2376  SkypeUpdate - ok
01:01:24.0594 2376  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
01:01:26.0844 2376  slsvc - ok
01:01:26.0948 2376  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
01:01:27.0065 2376  SLUINotify - ok
01:01:27.0143 2376  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:01:27.0392 2376  Smb - ok
01:01:27.0429 2376  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:01:27.0499 2376  SNMPTRAP - ok
01:01:27.0571 2376  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
01:01:27.0725 2376  spldr - ok
01:01:27.0791 2376  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
01:01:27.0933 2376  Spooler - ok
01:01:28.0224 2376  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:01:28.0832 2376  srv - ok
01:01:28.0895 2376  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:01:29.0208 2376  srv2 - ok
01:01:29.0261 2376  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:01:29.0506 2376  srvnet - ok
01:01:29.0562 2376  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:01:29.0740 2376  SSDPSRV - ok
01:01:29.0808 2376  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
01:01:29.0974 2376  ssmdrv - ok
01:01:30.0066 2376  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:01:30.0199 2376  SstpSvc - ok
01:01:30.0469 2376  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
01:01:31.0361 2376  stisvc - ok
01:01:31.0454 2376  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
01:01:31.0527 2376  swenum - ok
01:01:31.0644 2376  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
01:01:31.0844 2376  swprv - ok
01:01:31.0971 2376  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
01:01:32.0088 2376  Symc8xx - ok
01:01:32.0143 2376  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
01:01:32.0220 2376  Sym_hi - ok
01:01:32.0294 2376  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
01:01:32.0516 2376  Sym_u3 - ok
01:01:32.0742 2376  [ 2D2C815364A878C7E358D5F549711197 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
01:01:32.0848 2376  SynTP - ok
01:01:32.0987 2376  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
01:01:33.0512 2376  SysMain - ok
01:01:33.0637 2376  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:01:34.0446 2376  TabletInputService - ok
01:01:34.0544 2376  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:01:34.0707 2376  TapiSrv - ok
01:01:34.0775 2376  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
01:01:34.0899 2376  TBS - ok
01:01:35.0161 2376  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:01:35.0610 2376  Tcpip - ok
01:01:36.0077 2376  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
01:01:36.0198 2376  Tcpip6 - ok
01:01:36.0291 2376  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:01:36.0650 2376  tcpipreg - ok
01:01:36.0741 2376  [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
01:01:36.0877 2376  tdcmdpst - ok
01:01:36.0934 2376  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:01:37.0131 2376  TDPIPE - ok
01:01:37.0188 2376  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:01:37.0369 2376  TDTCP - ok
01:01:37.0544 2376  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:01:37.0721 2376  tdx - ok
01:01:37.0757 2376  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
01:01:37.0890 2376  TermDD - ok
01:01:38.0032 2376  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
01:01:38.0378 2376  TermService - ok
01:01:38.0498 2376  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
01:01:38.0582 2376  Themes - ok
01:01:38.0616 2376  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
01:01:38.0715 2376  THREADORDER - ok
01:01:39.0001 2376  [ F779BA4CD37963AB4600C9871B7752A3 ] tifm21          C:\Windows\system32\drivers\tifm21.sys
01:01:39.0202 2376  tifm21 - ok
01:01:39.0278 2376  [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
01:01:39.0620 2376  TODDSrv ( UnsignedFile.Multi.Generic ) - warning
01:01:39.0620 2376  TODDSrv - detected UnsignedFile.Multi.Generic (1)
01:01:39.0933 2376  [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
01:01:40.0104 2376  TomTomHOMEService - ok
01:01:40.0296 2376  [ FE267A802103687E45DE449BE05CE87C ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
01:01:40.0681 2376  TosCoSrv - ok
01:01:40.0846 2376  [ 76148C3159718B701252F87B067904A6 ] TOSHIBA Bluetooth Service c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
01:01:40.0951 2376  TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - warning
01:01:40.0951 2376  TOSHIBA Bluetooth Service - detected UnsignedFile.Multi.Generic (1)
01:01:41.0052 2376  [ B758FDA2E4389DC41688E4B8CEE832A0 ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
01:01:41.0255 2376  tosrfbd - ok
01:01:41.0411 2376  [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom        C:\Windows\system32\drivers\Tosrfcom.sys
01:01:42.0460 2376  Tosrfcom - ok
01:01:43.0075 2376  [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
01:01:43.0583 2376  tosrfec - ok
01:01:43.0840 2376  [ 28099A4E52148319AFA685D93A2244D0 ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
01:01:45.0140 2376  Tosrfhid - ok
01:01:45.0567 2376  [ 20CC46C5D3326122E1A0A8C9DAD00E0D ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
01:01:46.0159 2376  Tosrfusb - ok
01:01:46.0248 2376  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
01:01:46.0630 2376  TrkWks - ok
01:01:46.0695 2376  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:01:46.0800 2376  TrustedInstaller - ok
01:01:46.0852 2376  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:01:47.0036 2376  tssecsrv - ok
01:01:47.0126 2376  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
01:01:47.0373 2376  tunmp - ok
01:01:47.0544 2376  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:01:47.0651 2376  tunnel - ok
01:01:47.0762 2376  [ 521C5F39829875ADF5466DD94C6282C7 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
01:01:47.0915 2376  TVALZ - ok
01:01:48.0045 2376  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
01:01:48.0179 2376  uagp35 - ok
01:01:48.0346 2376  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:01:48.0559 2376  udfs - ok
01:01:48.0808 2376  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:01:49.0024 2376  UI0Detect - ok
01:01:49.0441 2376  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
01:01:49.0577 2376  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
01:01:49.0577 2376  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
01:01:49.0660 2376  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:01:49.0784 2376  uliagpkx - ok
01:01:49.0885 2376  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
01:01:50.0012 2376  uliahci - ok
01:01:50.0083 2376  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
01:01:50.0214 2376  UlSata - ok
01:01:50.0268 2376  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
01:01:50.0426 2376  ulsata2 - ok
01:01:50.0494 2376  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
01:01:50.0649 2376  umbus - ok
01:01:50.0907 2376  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
01:01:51.0052 2376  upnphost - ok
01:01:51.0130 2376  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
01:01:51.0281 2376  USBAAPL - ok
01:01:51.0353 2376  [ 5AADC9297C39AA249CD994ACDBA19034 ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
01:01:51.0478 2376  usbbus - ok
01:01:51.0535 2376  [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
01:01:51.0864 2376  usbccgp - ok
01:01:51.0939 2376  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:01:52.0167 2376  usbcir - ok
01:01:52.0236 2376  [ 4650FFE04E5922399B0E932319E6B215 ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
01:01:52.0355 2376  UsbDiag - ok
01:01:52.0407 2376  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
01:01:52.0561 2376  usbehci - ok
01:01:52.0653 2376  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:01:52.0801 2376  usbhub - ok
01:01:52.0868 2376  [ 2666FE171E0C2E7085CCD5FE0BAC09E3 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
01:01:52.0977 2376  USBModem - ok
01:01:53.0068 2376  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
01:01:53.0292 2376  usbohci - ok
01:01:53.0356 2376  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:01:53.0594 2376  usbprint - ok
01:01:53.0700 2376  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:01:53.0892 2376  USBSTOR - ok
01:01:53.0959 2376  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
01:01:54.0288 2376  usbuhci - ok
01:01:54.0372 2376  [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
01:01:54.0476 2376  usb_rndisx - ok
01:01:54.0562 2376  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
01:01:54.0699 2376  UxSms - ok
01:01:54.0780 2376  [ 51750B0539986186C6931FC40D171521 ] VComm           C:\Windows\system32\DRIVERS\VComm.sys
01:01:54.0912 2376  VComm - ok
01:01:54.0969 2376  [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr        C:\Windows\system32\Drivers\VcommMgr.sys
01:01:55.0057 2376  VcommMgr - ok
01:01:55.0148 2376  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
01:01:55.0304 2376  vds - ok
01:01:55.0366 2376  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:01:55.0585 2376  vga - ok
01:01:55.0679 2376  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:01:55.0808 2376  VgaSave - ok
01:01:55.0892 2376  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
01:01:55.0985 2376  viaagp - ok
01:01:56.0054 2376  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
01:01:56.0272 2376  ViaC7 - ok
01:01:56.0472 2376  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
01:01:56.0664 2376  viaide - ok
01:01:56.0793 2376  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:01:56.0938 2376  volmgr - ok
01:01:57.0013 2376  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:01:57.0123 2376  volmgrx - ok
01:01:57.0177 2376  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:01:57.0306 2376  volsnap - ok
01:01:57.0371 2376  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
01:01:57.0448 2376  vsmraid - ok
01:01:58.0008 2376  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
01:01:58.0536 2376  VSS - ok
01:01:58.0645 2376  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
01:01:58.0737 2376  W32Time - ok
01:01:58.0832 2376  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
01:01:59.0129 2376  WacomPen - ok
01:01:59.0197 2376  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
01:01:59.0312 2376  Wanarp - ok
01:01:59.0368 2376  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:01:59.0435 2376  Wanarpv6 - ok
01:01:59.0596 2376  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:01:59.0842 2376  wcncsvc - ok
01:01:59.0921 2376  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:02:00.0056 2376  WcsPlugInService - ok
01:02:00.0101 2376  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
01:02:00.0210 2376  Wd - ok
01:02:00.0301 2376  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:02:00.0477 2376  Wdf01000 - ok
01:02:00.0534 2376  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:02:00.0733 2376  WdiServiceHost - ok
01:02:00.0742 2376  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:02:00.0837 2376  WdiSystemHost - ok
01:02:00.0916 2376  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
01:02:01.0033 2376  WebClient - ok
01:02:01.0224 2376  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:02:01.0346 2376  Wecsvc - ok
01:02:01.0468 2376  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:02:01.0658 2376  wercplsupport - ok
01:02:01.0732 2376  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:02:01.0861 2376  WerSvc - ok
01:02:02.0109 2376  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
01:02:02.0440 2376  WinDefend - ok
01:02:02.0479 2376  WinHttpAutoProxySvc - ok
01:02:02.0634 2376  [ D1DCE2E6A956EAD7F278D0C14573C4CA ] Winmgmt         C:\PROGRA~2\tjmfco.dat
01:02:02.0699 2376  Winmgmt ( UnsignedFile.Multi.Generic ) - warning
01:02:02.0699 2376  Winmgmt - detected UnsignedFile.Multi.Generic (1)
01:02:02.0759 2376  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
01:02:03.0011 2376  WinRM - ok
01:02:03.0136 2376  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:02:03.0335 2376  Wlansvc - ok
01:02:03.0385 2376  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:02:03.0642 2376  WmiAcpi - ok
01:02:03.0895 2376  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:02:04.0019 2376  wmiApSrv - ok
01:02:04.0418 2376  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
01:02:04.0918 2376  WMPNetworkSvc - ok
01:02:05.0087 2376  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:02:05.0354 2376  WPCSvc - ok
01:02:05.0452 2376  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:02:05.0665 2376  WPDBusEnum - ok
01:02:05.0752 2376  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
01:02:05.0897 2376  WpdUsb - ok
01:02:05.0989 2376  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:02:06.0181 2376  ws2ifsl - ok
01:02:06.0234 2376  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
01:02:06.0317 2376  wscsvc - ok
01:02:06.0328 2376  WSearch - ok
01:02:06.0505 2376  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
01:02:06.0754 2376  wuauserv - ok
01:02:06.0821 2376  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:02:06.0958 2376  WUDFRd - ok
01:02:07.0039 2376  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:02:07.0216 2376  wudfsvc - ok
01:02:07.0267 2376  ================ Scan global ===============================
01:02:07.0303 2376  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
01:02:07.0423 2376  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
01:02:07.0627 2376  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
01:02:07.0817 2376  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
01:02:07.0897 2376  [Global] - ok
01:02:07.0898 2376  ================ Scan MBR ==================================
01:02:07.0912 2376  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:02:09.0729 2376  \Device\Harddisk0\DR0 - ok
01:02:09.0740 2376  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
01:02:09.0948 2376  \Device\Harddisk1\DR2 - ok
01:02:09.0965 2376  ================ Scan VBR ==================================
01:02:10.0013 2376  [ 83E90C797EDE9BEB3FDA68197D2097A1 ] \Device\Harddisk0\DR0\Partition1
01:02:10.0017 2376  \Device\Harddisk0\DR0\Partition1 - ok
01:02:10.0047 2376  [ 7C2264F1DE741B358DB838871C397B41 ] \Device\Harddisk0\DR0\Partition2
01:02:10.0051 2376  \Device\Harddisk0\DR0\Partition2 - ok
01:02:10.0059 2376  [ 037125AEC0D4EA305F95B80AE61A4325 ] \Device\Harddisk1\DR2\Partition1
01:02:10.0064 2376  \Device\Harddisk1\DR2\Partition1 - ok
01:02:10.0065 2376  ============================================================
01:02:10.0065 2376  Scan finished
01:02:10.0065 2376  ============================================================
01:02:10.0094 1264  Detected object count: 8
01:02:10.0094 1264  Actual detected object count: 8
01:02:53.0552 1264  CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0552 1264  CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:53.0557 1264  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0557 1264  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:53.0562 1264  NBService ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0563 1264  NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:53.0569 1264  NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0569 1264  NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:53.0575 1264  TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0575 1264  TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:53.0582 1264  TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0583 1264  TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:53.0589 1264  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0589 1264  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:53.0594 1264  Winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0594 1264  Winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 25.05.2013, 15:35   #6
markusg
/// Malware-holic
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> GVU Trojaner 2013 unter Vista

Alt 27.05.2013, 21:52   #7
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
der Scan mit ComboFix hat nicht funktioniert. Habe AntiVir deaktiviert, den Defender und alles, was ich sonst noch so gefunden habe ausgemacht.
Die Festplatte wurde auch durchsucht und er hat einige Sachen gefunden, die er gelöscht hat. Aber dann hat er sich aufgehängt. Auf C: ist kein Logfile zu sehen.

Alt 28.05.2013, 10:09   #8
markusg
/// Malware-holic
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



neustarten, f8 drücken abgesicherter Modus wählen, in deinem Konto anmelden und noch mal versuchen. dann wieder in den normalen Modus und Log posten bitteb
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 29.05.2013, 19:26   #9
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
jetzt hat's geklappt, danke!

Combofix.txt
Code:
ATTFilter
ComboFix 13-05-27.02 - iiuuzgugz0guzkkk 29.05.2013  19:56:46.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1021.641 [GMT 2:00]
ausgeführt von:: c:\users\iiuuzgugz0guzkkk\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-29  ))))))))))))))))))))))))))))))
.
.
2013-05-29 18:05 . 2013-05-29 18:06	--------	d-----w-	c:\users\iiuuzgugz0guzkkk\AppData\Local\temp
2013-05-29 18:05 . 2013-05-29 18:05	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-05-29 18:05 . 2013-05-29 18:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-23 19:10 . 2013-05-23 19:10	2639	----a-w-	c:\programdata\ocfmjt.js
2013-05-23 18:08 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C781DC56-8F83-4B05-83FB-944F4D95E63D}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 12:28 . 2012-04-19 13:19	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-16 12:28 . 2011-06-10 18:35	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2009-10-02 18:05	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-03-20 13:08 . 2013-03-20 13:09	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 13:08 . 2012-07-25 17:48	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-20 13:08 . 2010-05-26 19:18	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-20 11:09 . 2013-03-20 11:18	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-20 11:09 . 2013-03-20 11:18	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-20 11:09 . 2013-03-20 11:18	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-11 13:25 . 2013-04-10 17:35	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 17:35	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 17:35	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 17:35	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 17:35	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 17:35	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-03-05 01:40 . 2013-04-10 17:27	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-03-03 19:07 . 2013-04-10 17:35	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-13 14:06 . 2013-04-13 14:02	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-22 19:02	280736	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"ICQ"="c:\users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\icq.exe" [2013-01-22 26599784]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-10 1644680]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
msconfig.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261249~1.132\{C16C1~1\BROWSE~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 12:28]
.
2013-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-23 14:54]
.
2013-05-27 c:\windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} - hxxps://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab
FF - ProfilePath - c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-04-24 20:29; ffxtlbr@delta.com; c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: !HIDDEN! 2007-07-23 19:23; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2008-12-07 21:34; {800b5000-a755-47e1-992b-48a1c1357f07}; c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - ExtSQL: !HIDDEN! 2009-07-15 22:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-12-16 22:22; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 94df5336000000000000001167b66309
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15819
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:29
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Firebird SQL Server D - c:\program files\ALDI Foto Service Nord\Common\Database\unwise.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-29 20:06
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(684)
c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Zeit der Fertigstellung: 2013-05-29  20:10:10
ComboFix-quarantined-files.txt  2013-05-29 18:09
.
Vor Suchlauf: 9 Verzeichnis(se), 18.107.789.312 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 17.977.892.864 Bytes frei
.
- - End Of File - - 486AFE2444BF7F10257D50865B7971B2
         

Alt 29.05.2013, 19:41   #10
markusg
/// Malware-holic
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.05.2013, 05:13   #11
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
beim ersten Suchlauf im normalen Modus ist der Suchlauf durchgelaufen, aber kurz vorm entfernen der 2 Funde ist er abgeschmiert.
Also nochmal im abgesicherten Modus, da hat alles funktioniert.

Logfile:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.30.06

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
iiuuzgugz0guzkkk :: VERENAUNDJUERGY [Administrator]

30.05.2013 23:55:18
mbam-log-2013-05-30 (23-55-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433049
Laufzeit: 1 Stunde(n), 9 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\ProgramData\tjmfco.dat.vir (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\iiuuzgugz0guzkkk\3251098.dll.vir (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 31.05.2013, 10:55   #12
markusg
/// Malware-holic
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2013, 20:09   #13
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
sorry, war eineinhalb Wochen krank und das Notebook war am Arbeitsort.

Hier die uninstall Liste vom CCleaner:

Code:
ATTFilter
AAVUpdateManager	Akademische Arbeitsgemeinschaft	22.11.2010	14,4MB	12.00.0000						notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	16.05.2013		11.7.700.202					notwendig
Adobe Reader 9.5.5 - Deutsch	Adobe Systems Incorporated	13.06.2013	118MB	9.5.5						notwendig
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	29.01.2011	7,21MB	11.5.9.615						nicht notwendig
Apple Application Support	Apple Inc.	28.02.2013	62,7MB	2.3.3								notwendig
Apple Mobile Device Support	Apple Inc.	28.02.2013	24,6MB	6.1.0.13							notwendig
Apple Software Update	Apple Inc.	21.07.2011	2,38MB	2.1.3.127								notwendig
Avira Free Antivirus	Avira	07.05.2013	109MB	13.0.0.3640									notwendig
Avira SearchFree Toolbar plus Web Protection	Ask.com	19.03.2013	3,64MB	1.15.20.0						nicht notwendig
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	19.03.2013	1,60MB	1.2.4.37949					nicht notwendig
Bluesoleil2.6.0.8 Release 070517	IVT Corporation	30.06.2008	11,3MB	2.6.0.8 Release 070517					nicht notwendig
Bluetooth Stack for Windows by Toshiba		15.12.2006	54,5MB	v5.00.10(T)							notwendig
Bonjour	Apple Inc.	13.10.2011	1,06MB	3.0.0.10										notwendig
BrowserProtect	Bit89 Inc	24.04.2013	7,86MB											nicht notwendig
CCleaner	Piriform	24.05.2013	2,35MB	4.02										notwendig
CD/DVD Drive Acoustic Silencer	TOSHIBA	31.01.2007	460KB	2.00.02									notwendig
Delta toolbar	Delta	24.04.2013		1.8.16.16										nicht notwendig
Dropbox	Dropbox, Inc.	04.04.2013	23,9MB	1.6.18											notwendig
DVD MovieFactory for TOSHIBA	Ulead Systems, Inc.	31.01.2007	253MB	5.3							notwendig
ElsterFormular	Landesfinanzdirektion Thüringen	17.03.2013	368MB	14.1.11318							notwendig
Free YouTube to MP3 Converter version 3.12.2.422	DVDVideoSoft Ltd.	24.04.2013	3,40MB	3.12.2.422			notwendig
FreePDF XP (Remove only)		04.05.2009	3,00MB										nicht notwendig
Google Earth	Google	05.01.2010	69,5MB	5.1.7894.7252										nicht notwendig
Google Updater	Google Inc.	18.09.2011	2,48MB	2.4.2432.1652									nicht notwendig
iCloud	Apple Inc.	22.12.2012	48,3MB	2.1.1.3											notwendig
ICQ 8.0 (build 5988, für aktuellen Benutzer)	Mail.Ru	21.01.2013	83,9MB	8.0.5988.0						nicht notwendig
ICQ7.6	ICQ	17.10.2011	54,4MB	7.6												nicht notwendig
iTunes	Apple Inc.	28.02.2013	186MB	11.0.2.26										notwendig
Java 7 Update 17	Oracle	19.03.2013	129MB	7.0.170										notwendig
Java(TM) 6 Update 7	Sun Microsystems, Inc.	17.08.2008	136MB	1.6.0.70							nicht notwendig
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	15.12.2006	114MB	1.6.0.0						nicht notwendig
JavaFX 2.1.1	Oracle Corporation	25.07.2012	20,8MB	2.1.1									nicht notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	29.05.2013	13,3MB	1.75.0.1300			notwendig
Microsoft .NET Framework 1.1		13.01.2013											nicht notwendig?
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	29.06.2009	27,8MB							notwendig
Microsoft Office Professional Edition 2003	Microsoft Corporation	11.02.2007	336MB	11.0.5614.0				notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	08.10.2010	342KB	8.0.59193				nicht notwendig?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.03.2009	590KB	9.0.30729		nicht notwendig?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.10.2010	590KB	9.0.30729.4148		nicht notwendig?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	09.08.2011	594KB	9.0.30729.6161		nicht notwendig?
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	17.10.2011	11,1MB	10.0.40219		notwendig
MotoGP2	THQ	17.02.2007	577MB													nicht notwendig
Mozilla Firefox 20.0.1 (x86 de)	Mozilla	15.04.2013	51,0MB	20.0.1									notwendig
Mozilla Maintenance Service	Mozilla	15.04.2013	204KB	20.0.1									nicht notwendig
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	12.02.2007	1,23MB	4.20.9841.0						nicht notwendig?
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.11.2008	1,27MB	4.20.9870.0						nicht notwendig?
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	1,33MB	4.20.9876.0						nicht notwendig?
MyTomTom 3.1.0.530	TomTom	04.03.2012	17,4MB	3.1.0.530									nicht notwendig
Nero 7 Premium	Nero AG	11.02.2007	1,50GB	7.02.4716										notwendig
NVIDIA Drivers		31.01.2007													notwendig
Pro Evolution Soccer 6	KONAMI	17.02.2007	1,42GB	1.00.0000									nicht notwendig
QuickTime	Apple Inc.	22.12.2012	73,1MB	7.73.80.64									notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.12.2006	9,95MB	6.0.1.5326				notwendig
RedMon - Redirection Port Monitor		04.05.2009										unbekannt
Rossmann Fotowelt Software 4.12.1	ORWO Net	02.09.2012	322MB	4.12.1							nicht notwendig
Safari	Apple Inc.	22.12.2012	104MB	5.34.57.2										nicht notwendig
Skype Click to Call	Skype Technologies S.A.	06.11.2011	12,6MB	5.6.8442							nicht notwendig
Skype™ 5.10	Skype Technologies S.A.	18.07.2012	19,4MB	5.10.116								nicht notwendig
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	29.01.2009	32,5MB	8.0.0					nicht notwendig
Steuer-Spar-Erklärung 2010	Akademische Arbeitsgemeinschaft Verlag	22.11.2010	280MB	15.13					notwendig
Synaptics Pointing Device Driver	Synaptics	15.12.2006	12,9MB	9.1.0.0							notwendig
Texas Hold'em Poker 3D - Deluxe Edition 1.0	Play + Smile Marketing GmbH	17.12.2007	137MB					nicht notwendig
Texas Instruments PCIxx21/x515/xx12 drivers.	Ihr Firmenname	15.12.2006	832KB	1.23.0000					nicht notwendig
ThumbsPlus 7x (deutsch)	Atlantic Software Exchange, Inc.	18.02.2007	29,5MB							nicht notwendig
TomTom HOME 2.8.3.2499	TomTom	04.03.2012	43,4MB	2.8.3.2499									nicht notwendig
TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	23.03.2009	1,88MB	1.0.2					nicht notwendig
TOSHIBA Assist		31.01.2007	744KB	2.00.01											notwendig
TOSHIBA Benutzerhandbücher	TOSHIBA	15.12.2006	5,05MB	7.10									notwendig
TOSHIBA ConfigFree	TOSHIBA	15.12.2006	39,3MB	7.00.22										notwendig
TOSHIBA Disc Creator	TOSHIBA Corporation	15.12.2006	9,57MB	2.0.0.0								notwendig
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	15.12.2006	1,27MB	1.00.00						notwendig
TOSHIBA Hardware Setup		31.01.2007	1,64MB	2.00.04STV									notwendig
Toshiba Online Product Information	TOSHIBA	15.12.2006	4,49MB	1.00.0002							notwendig
TOSHIBA SD Memory Utilities	TOSHIBA	15.12.2006	1,40MB	1.6									notwendig
TOSHIBA Software Modem	Agere Systems	15.12.2006											notwendig
TOSHIBA Supervisor Password		31.01.2007	1,64MB	2.00.04STV								notwendig
TOSHIBA Value Added Package	TOSHIBA Corporation	15.12.2006		1.0.7							notwendig
USB Vibration Joystick		13.02.2007	148KB	2002.10.8									nicht notwendig
Visual Studio C++ 10.0 Runtime	TomTom International B.V.	04.03.2012	8,00KB	10.0.0						nicht notwendig
Windows Media Encoder 9-Reihe		15.12.2006	13,6MB										nicht notwendig
Windows Media Player Firefox Plugin	Microsoft Corp	22.04.2008	296KB	1.0.0.8							nicht notwendig
WinDVD for TOSHIBA	InterVideo Inc.	15.12.2006	74,1MB	8.0-B6.108								notwendig
WinRAR Archivierer		11.02.2007	3,39MB											nicht notwendig
         
Gruß hornet

Alt 13.06.2013, 20:25   #14
markusg
/// Malware-holic
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Avira SearchFree : beide bitte weg.
Delta : weg damit ist adware
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Spelling

Öffne CCleaner, analysieren, starten, pcneustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2013, 22:56   #15
hornet
 
GVU Trojaner 2013 unter Vista - Standard

GVU Trojaner 2013 unter Vista



Hi,
hab alles so gemacht, wie beschrieben. Hier die Log-Datei:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 13/06/2013 um 23:33:35 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : iiuuzgugz0guzkkk - VERENAUNDJUERGY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\iiuuzgugz0guzkkk\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-9.xml
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6002.18005

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\prefs.js

C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...]
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "94df5336000000000000001167b66309");
Gelöscht : user_pref("extensions.delta.instlDay", "15819");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1620:29:42");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1366483723);
Gelöscht : user_pref("icqtoolbar.history", "mit%20freundlichen%20gr%C3%BC%C3%9Fen%20cover||porzellanhochzeit||g[...]
Gelöscht : user_pref("icqtoolbar.hpChange", true);
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1343239609");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "20.0.1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "117147954511714795451207254095410");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1366913460);
Gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[S1].txt - [10018 octets] - [13/06/2013 23:33:35]

########## EOF - C:\AdwCleaner[S1].txt - [10079 octets] ##########
         
Neuerdings bekomme ich nach dem Systemstart eine Meldung (siehe Screen). Er sucht wohl nach der Datei, mit der der Trojaner geladen wurde!?

Gruß hornet
Miniaturansicht angehängter Grafiken
GVU Trojaner 2013 unter Vista-screen.jpg  

Antwort

Themen zu GVU Trojaner 2013 unter Vista
antivir, avira, avira searchfree toolbar, bho, bluescreen, bonjour, converter, dvdvideosoft ltd., error, excel, failed, firefox, flash player, home, iexplore.exe, install.exe, kis, logfile, mp3, object, realtek, registry, scan, security, svchost.exe, symantec, trojaner, vista, visual studio



Ähnliche Themen: GVU Trojaner 2013 unter Vista


  1. Unter Firefox friert Vista ein - oder doch ein Vista Explorer Problem?
    Alles rund um Windows - 10.11.2015 (24)
  2. Windows 7: Kaspersky Internet Security 2013 findet Trojaner HEUR:Exploit.Java.CVE-2013-1493.gen
    Log-Analyse und Auswertung - 20.11.2013 (57)
  3. GVU Trojaner 2013 unter Windows8
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (2)
  4. 2x GVU Trojaner 2013 unter Windows8
    Mülltonne - 17.05.2013 (0)
  5. GVU Trojaner unter Vista 64Bit
    Log-Analyse und Auswertung - 05.03.2013 (11)
  6. GVU-Trojaner unter Windows VISTA 32 Bit Home Premium
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (19)
  7. GVU-Trojaner unter Windows VISTA
    Log-Analyse und Auswertung - 04.02.2013 (30)
  8. GVU-Trojaner blockiert alles! (unter Windows Vista)
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (5)
  9. Vista Anti-Virus 2013 entfernen
    Anleitungen, FAQs & Links - 11.01.2013 (2)
  10. Vista Total Security 2013 entfernen
    Anleitungen, FAQs & Links - 11.01.2013 (2)
  11. Vista Security 2013 entfernen
    Anleitungen, FAQs & Links - 11.01.2013 (2)
  12. Vista Antispyware Pro 2013 entfernen
    Anleitungen, FAQs & Links - 06.11.2012 (2)
  13. Vista Antivirus Pro 2013 entfernen
    Anleitungen, FAQs & Links - 05.11.2012 (2)
  14. Vista Defender 2013 entfernen
    Anleitungen, FAQs & Links - 02.10.2012 (2)
  15. GVU-Trojaner unter Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (18)
  16. GVU Trojaner (mit Webcam?) unter Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 21.07.2012 (2)
  17. BKA Trojaner unter Vista
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)

Zum Thema GVU Trojaner 2013 unter Vista - Hallo, habe gerade den Rechner meiner Schwester zu Hause. Sie hat den GVU Trojaner drauf. Ich werde den Rechner auf jeden Fall platt machen, nur ist es zur Datensicherung sicherlich - GVU Trojaner 2013 unter Vista...
Archiv
Du betrachtest: GVU Trojaner 2013 unter Vista auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.