
Log Analysis and Evaluation: GVU Police Trojan

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.07.2013, 10:47   #1
Roger2013
 

GVU Police Trojan



Hello Trojaner-Board,

unfortunately it has hit us too.

A GVU police trojan (Bundestrojaner); my colleague's desktop was locked.

Attached is the first log data.

Sorry, I am very clumsy on forums.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:37 on 02/07/2013 (Buero)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL Logfile:
OTL logfile created on: 02.07.2013 09:58:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Users\Trommi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,40 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 55,64% Memory free
6,81 Gb Paging File | 4,89 Gb Available in Paging File | 71,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 92,78 Gb Total Space | 36,28 Gb Free Space | 39,11% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 43,84 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 49,59 Gb Total Space | 36,66 Gb Free Space | 73,94% Space Free | Partition Type: NTFS
Drive G: | 279,45 Gb Total Space | 192,02 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 16,99 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
Drive I: | 36,36 Gb Total Space | 3,82 Gb Free Space | 10,51% Space Free | Partition Type: NTFS
 
Computer Name: BUERO-PC | User Name: Buero | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.02 09:38:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Users\Trommi\Desktop\OTL.exe
PRC - [2013.06.21 13:36:55 | 002,095,944 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2013.06.12 13:01:11 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) -- G:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.04.16 03:09:04 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- G:\Programme\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () -- G:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) -- G:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.03.22 05:04:17 | 001,444,304 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2013.03.22 04:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2013.03.22 04:50:20 | 002,362,744 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- G:\Programme\PDF24\pdf24.exe
PRC - [2013.03.18 13:01:06 | 000,745,472 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\MsSpellCheckingFacility.exe
PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- G:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- G:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\taskhost.exe
PRC - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) -- G:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.12.13 10:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.11.15 19:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- G:\Programme\Dyn Updater\DynTray.exe
PRC - [2011.07.22 15:26:40 | 000,690,472 | ---- | M] (Nero AG) -- G:\Programme\Nero\Update\NASvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- G:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- G:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- G:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- G:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- G:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.25 12:31:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- G:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.21 13:36:55 | 002,095,944 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2013.06.12 14:01:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- G:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.03.22 04:50:20 | 002,362,744 | ---- | M] (G Data Software AG) [On_Demand | Running] -- G:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- G:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- G:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- G:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- G:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- G:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.08.25 03:10:01 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- G:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- G:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- G:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.15 19:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Stopped] -- G:\Programme\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
SRV - [2011.07.22 15:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- G:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- G:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- G:\Users\Buero\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013.06.26 17:11:20 | 000,054,104 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2013.06.17 09:12:13 | 000,051,032 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2013.06.17 09:11:44 | 000,096,344 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2013.06.17 09:11:44 | 000,045,912 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2013.04.17 09:33:35 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- G:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.04.11 08:48:24 | 000,030,896 | ---- | M] (G Data Software) [Kernel | System | Running] -- G:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2013.04.08 09:12:37 | 000,052,056 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2013.02.26 01:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.01.28 10:30:24 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.07.02 15:16:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012.06.19 16:39:09 | 000,289,792 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012.05.20 18:25:32 | 000,793,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012.05.20 18:25:32 | 000,350,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012.05.20 18:25:32 | 000,015,680 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2011.07.13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.07.13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.04.29 11:55:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.04.29 11:55:12 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.03.18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011.02.10 10:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.26 23:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- G:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 72 4C 47 99 63 CA 01  [binary data]
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes,DefaultScope = {BB041AC8-2009-4E10-B22F-84039E70B373}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{51BF1669-9387-407F-B07F-97817C8BC21A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=%5E&apn_uid=CA61A9C8-4166-45F8-9368-8439BA854CCE&apn_sauid=EF1EC9DA-2F4B-4EE8-8665-E6DD8C94BD34
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{9CCBD921-FBD7-4816-A930-7AAB447F724E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{BB041AC8-2009-4E10-B22F-84039E70B373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A A9 BC 0A 4B 70 CB 01  [binary data]
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes,DefaultScope = {BB041AC8-2009-4E10-B22F-84039E70B373}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{065D5CF5-6E0E-42A8-86DF-6862F065A665}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{5D59D326-FA9C-4D9D-8F13-EABD5B52E182}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{9CCBD921-FBD7-4816-A930-7AAB447F724E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{BB041AC8-2009-4E10-B22F-84039E70B373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: G:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: G:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: g:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: G:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: G:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: G:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: G:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: g:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: g:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: G:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.06.12 11:21:43 | 000,000,000 | ---D | M]
 
[2012.06.22 15:24:35 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\Extensions
[2013.04.26 10:12:10 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\Firefox\Profiles\938svwi9.default\extensions
[2013.04.26 10:12:10 | 000,817,280 | ---- | M] () (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\firefox\profiles\938svwi9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.25 12:31:38 | 000,000,000 | ---D | M] (No name found) -- G:\Programme\Mozilla Firefox\browser\extensions
[2013.06.25 12:31:38 | 000,000,000 | ---D | M] (Default) -- G:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O3 - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray] G:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] G:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IMSS] G:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] G:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1001..\Run: [] G:\Users\Buero\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1005..\Run: [] G:\Users\Trommi\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1005..\Run: [Sony Ericsson PC Companion] G:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - G:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - G:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - G:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=85748869 (Mail Migration)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} hxxp://doerflerkc.dyndns.biz/UltraCamX.cab (UltraCamX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B985AA6-26D7-4248-B8D1-018DDDB46818}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7811C701-3250-4564-ADCB-6C25C185ABE6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - G:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\Windows\system32\userinit.exe) - G:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (g:\program files\g data\internetsecurity\avkkid\avkcks.exe) - g:\Programme\G Data\InternetSecurity\AVKKid\AVKCKS.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\pdf24-editor.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdf24-fax.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.31 16:08:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.03.09 13:40:55 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4cc23fd4-cf84-11de-8b69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cc23fd4-cf84-11de-8b69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{69a2022a-722b-11e0-9b80-00508d9cd093}\Shell - "" = AutoRun
O33 - MountPoints2\{69a2022a-722b-11e0-9b80-00508d9cd093}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.28 14:00:16 | 000,155,648 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\09qdo.dat
[2013.06.26 17:11:28 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014
[2013.06.25 12:31:33 | 000,000,000 | ---D | C] -- G:\Program Files\Mozilla Firefox
[2013.06.13 09:17:48 | 000,000,000 | ---D | C] -- G:\Users\Buero\AppData\Roaming\vlc
[2013.06.13 09:17:42 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.12 11:21:33 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\xing shared
[2013.06.10 14:18:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\rundll32.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.02 10:01:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 09:36:30 | 000,000,000 | ---- | M] () -- G:\Users\Buero\defogger_reenable
[2013.07.02 08:39:47 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 08:39:47 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 08:32:33 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013.07.02 08:32:27 | 2741,313,536 | -HS- | M] () -- G:\hiberfil.sys
[2013.07.01 17:41:47 | 095,023,320 | ---- | M] () -- G:\ProgramData\odq90.pad
[2013.07.01 13:59:48 | 000,002,608 | ---- | M] () -- G:\ProgramData\odq90.js
[2013.06.29 18:10:00 | 000,001,422 | ---- | M] () -- G:\Windows\tasks\hpwebreg_CN1CO4564X05JZ.job
[2013.06.28 10:18:52 | 000,000,000 | ---- | M] () -- G:\ProgramData\jmlorqe.dat
[2013.06.27 09:45:25 | 095,023,320 | ---- | M] () -- G:\ProgramData\eqrolmj.pad
[2013.06.26 17:11:28 | 000,001,945 | ---- | M] () -- G:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.06.26 17:11:20 | 000,054,104 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\gdwfpcd32.sys
[2013.06.25 14:36:36 | 000,696,848 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013.06.25 14:36:36 | 000,652,166 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013.06.25 14:36:36 | 000,148,144 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013.06.25 14:36:36 | 000,121,098 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013.06.17 10:56:23 | 000,000,000 | ---- | M] () -- G:\ProgramData\zdfrt.dat
[2013.06.17 09:12:13 | 000,051,032 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\HookCentre.sys
[2013.06.17 09:11:44 | 000,096,344 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\MiniIcpt.sys
[2013.06.17 09:11:44 | 000,045,912 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\GDBehave.sys
[2013.06.13 09:17:42 | 000,001,033 | ---- | M] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2013.06.12 11:21:45 | 000,001,102 | ---- | M] () -- G:\Users\Public\Desktop\RealPlayer.lnk
[2013.06.12 11:21:21 | 000,272,896 | ---- | M] (Progressive Networks) -- G:\Windows\System32\pncrt.dll
[2013.06.10 16:57:42 | 095,023,320 | ---- | M] () -- G:\ProgramData\ij4i.pad
[2013.06.03 10:13:29 | 000,000,053 | ---- | M] () -- G:\stdout.out
[2013.06.03 10:11:17 | 000,000,000 | ---- | M] () -- G:\stderr.out
 
========== Files Created - No Company Name ==========
 
[2013.07.02 09:36:30 | 000,000,000 | ---- | C] () -- G:\Users\Buero\defogger_reenable
[2013.07.01 13:59:48 | 000,002,608 | ---- | C] () -- G:\ProgramData\odq90.js
[2013.06.28 14:00:17 | 095,023,320 | ---- | C] () -- G:\ProgramData\odq90.pad
[2013.06.24 11:04:51 | 095,023,320 | ---- | C] () -- G:\ProgramData\eqrolmj.pad
[2013.06.24 11:04:50 | 000,000,000 | ---- | C] () -- G:\ProgramData\jmlorqe.dat
[2013.06.17 09:12:20 | 000,001,945 | ---- | C] () -- G:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.06.14 16:34:00 | 000,000,000 | ---- | C] () -- G:\ProgramData\zdfrt.dat
[2013.06.13 09:17:42 | 000,001,033 | ---- | C] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2013.06.12 11:21:45 | 000,001,102 | ---- | C] () -- G:\Users\Public\Desktop\RealPlayer.lnk
[2013.06.10 14:18:24 | 095,023,320 | ---- | C] () -- G:\ProgramData\ij4i.pad
[2013.04.24 10:12:17 | 000,001,500 | ---- | C] () -- G:\Users\Buero\.recently-used.xbel
[2013.04.17 09:36:32 | 000,293,889 | ---- | C] () -- G:\Windows\System32\drivers\RTAIODAT.DAT
[2013.04.17 09:35:03 | 000,598,780 | ---- | C] () -- G:\Windows\System32\igvpkrng700.bin
[2013.04.17 09:35:03 | 000,094,208 | ---- | C] () -- G:\Windows\System32\IccLibDll.dll
[2013.04.17 09:35:03 | 000,064,512 | ---- | C] () -- G:\Windows\System32\igdde32.dll
[2013.04.17 09:35:03 | 000,009,728 | ---- | C] ( ) -- G:\Windows\System32\IGFXDEVLib.dll
[2013.04.17 09:35:02 | 000,755,048 | ---- | C] () -- G:\Windows\System32\igcodeckrng700.bin
[2013.04.17 09:35:02 | 000,000,255 | ---- | C] () -- G:\Windows\System32\GfxUI.exe.config
[2013.04.16 22:53:37 | 000,000,010 | ---- | C] () -- G:\Windows\GSetup.ini
[2012.12.03 17:13:07 | 000,003,273 | ---- | C] () -- G:\Windows\SceneLib24.ini
[2012.12.03 15:20:16 | 000,001,239 | ---- | C] () -- G:\Windows\Track.INI
[2012.11.23 10:10:03 | 000,171,008 | ---- | C] () -- G:\Windows\System32\RPTlprUi.dll
[2012.11.23 10:10:03 | 000,042,496 | ---- | C] () -- G:\Windows\System32\RPTlpr.dll
[2012.11.19 10:50:50 | 002,953,448 | ---- | C] () -- G:\Windows\System32\nvcoproc.bin
[2012.06.22 17:07:41 | 000,017,408 | ---- | C] () -- G:\Users\Buero\AppData\Local\WebpageIcons.db
[2011.03.22 12:18:44 | 000,000,017 | ---- | C] () -- G:\Users\Buero\AppData\Local\resmon.resmoncfg
[2009.11.12 15:51:17 | 000,000,227 | ---- | C] () -- G:\Program Files\PanaHDS.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- G:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.06 11:52:46 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\FreeVideoConverter
[2012.02.09 10:23:30 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\gotomaxx
[2013.04.24 10:12:17 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\gtk-2.0
[2011.06.24 10:09:55 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\LG Electronics
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\ScanSoft
[2011.04.01 09:31:16 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\TuneUp Software
[2012.11.08 14:27:27 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Audacity
[2012.05.14 10:01:03 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Duden
[2011.04.28 12:10:04 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\EPSON
[2012.12.27 14:07:20 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\G Data
[2013.06.10 14:18:42 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Giki
[2012.09.11 10:41:40 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\gotomaxx
[2013.05.13 15:53:04 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\gtk-2.0
[2013.06.10 14:18:25 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Igduiq
[2013.02.05 15:28:20 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\PriceGong
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\ScanSoft
[2013.05.02 14:50:31 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\SuperMailer
[2013.02.19 16:34:38 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\TeamViewer
[2011.04.01 09:58:19 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\TuneUp Software
[2013.06.10 14:18:42 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Zaiv
[2013.04.24 12:47:16 | 000,000,000 | ---D | M] -- G:\Users\Newsletter\AppData\Roaming\TuneUp Software
[2013.04.27 09:21:59 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\G Data
[2013.06.04 12:58:09 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\SuperMailer
[2013.04.27 09:22:00 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\TeamViewer
[2013.04.24 13:07:08 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\TuneUp Software
[2012.02.09 10:17:10 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\7-PDFMaker
[2013.06.19 10:54:17 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\Audacity
[2012.05.14 09:30:00 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\Duden
[2011.04.26 14:45:26 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\EPSON
[2012.02.09 10:25:03 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\gotomaxx
[2013.05.29 16:32:14 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\gtk-2.0
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\ScanSoft
[2013.04.30 10:01:20 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\SuperMailer
[2013.02.20 11:23:17 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\TeamViewer
[2011.04.01 09:39:26 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\TuneUp Software
[2010.10.20 12:30:24 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\Windows Live Writer
[2013.01.09 17:17:14 | 000,000,000 | ---D | M] -- G:\Users\Werzl\AppData\Roaming\G Data
[2013.02.19 17:24:24 | 000,000,000 | ---D | M] -- G:\Users\Werzl\AppData\Roaming\TeamViewer
[2011.04.09 10:52:59 | 000,000,000 | ---D | M] -- G:\Users\Werzl\AppData\Roaming\TuneUp Software
[2012.05.14 14:15:29 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\Duden
[2013.01.14 14:20:47 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\G Data
[2013.02.28 14:50:24 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\gtk-2.0
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\ScanSoft
[2013.02.20 12:19:18 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\TeamViewer
[2011.05.04 13:47:19 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.07.2013 09:58:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Users\Trommi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,40 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 55,64% Memory free
6,81 Gb Paging File | 4,89 Gb Available in Paging File | 71,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 92,78 Gb Total Space | 36,28 Gb Free Space | 39,11% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 43,84 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 49,59 Gb Total Space | 36,66 Gb Free Space | 73,94% Space Free | Partition Type: NTFS
Drive G: | 279,45 Gb Total Space | 192,02 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 16,99 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
Drive I: | 36,36 Gb Total Space | 3,82 Gb Free Space | 10,51% Space Free | Partition Type: NTFS
 
Computer Name: BUERO-PC | User Name: Buero | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- G:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- G:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0983FDFC-7500-46AA-A3DA-EEA8A4DF1A13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0AF3024A-631C-43E2-83D2-11888830AAE7}" = lport=6004 | protocol=17 | dir=in | app=g:\program files\microsoft office\office14\outlook.exe | 
"{0DF1AF9D-209F-4FCC-BE14-E9F7D87FA6C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{12B61BB1-CEA8-4382-8CF0-69BF1957450D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{153F8C02-87F4-478F-A0E7-45C2F38693F3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{20836249-2402-44D7-8035-6989442AA9DF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{29AD7437-9BC8-47A1-AF55-C917A2934476}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3921E03E-BCBF-417E-A92C-DDA8F766F65B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{418BFDF7-CFC2-47EB-9B9E-6C01E8C2FF96}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{49724BD5-19AA-4E5B-84BF-3721F36B04FE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D4B764D-C07D-40B9-B476-2488BE9EC2E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{627D7580-D112-499C-99AD-2A477A7A0D3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E814DAC-30B1-46A1-AFDE-2551D6302939}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{761ACED5-5E4D-44BD-B70E-2F667AF94447}" = lport=137 | protocol=17 | dir=in | app=system | 
"{76A2BD24-5D2B-43CE-9B89-118485960C5C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8EFA5102-A3B8-49CE-8EA2-61F4AD023481}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{990FC001-82C0-41B2-95F0-E7866DDDE650}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1C605B9-BCCF-4B72-9D8F-DCE75F902C1D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB3EB8DC-5F2C-4304-9120-978CA6DE9F4B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B016E129-7782-44DB-AA59-9519B472C47B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B13C41BE-E9DA-49D6-8169-DDBCAFBBAA76}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BF71B0DE-378A-4D6A-8529-B6FCA16347BE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C1CFFC4F-DF4F-459C-A69A-17A75AD8C200}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5BED03E-4158-4FD2-8BE4-8F8325EBFC2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5EECB98-523D-42F2-B363-D2B8FC35B6D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FB592DD5-7F8C-4766-8CCF-C0487012C0BC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A346F69-C5A8-43EA-B9AE-07A322518F3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B4A1793-1513-4BC9-93D5-EC9986B6E1D4}" = protocol=6 | dir=in | app=g:\program files\webcamxp 5\wlite.exe | 
"{0DBC480B-36CE-45CE-B168-F0EC10FAA0B2}" = protocol=17 | dir=in | app=g:\program files\microsoft office\office14\groove.exe | 
"{189E7CF2-3C8B-470E-BB97-EF86E12E38C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{31B1649C-FB5D-410D-B5FA-3DCAFF17782A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{349B96F5-5659-485B-A6C6-0EAEEA38FCE6}" = protocol=17 | dir=in | app=g:\program files\webcamxp 5\wservice.exe | 
"{3CAE5411-A680-4751-A94A-353C11A206CA}" = protocol=6 | dir=in | app=g:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{48F42BEA-9DD8-41B6-97C5-F2EA4E3E23CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B6BD222-B291-463D-928A-4098C4391A68}" = protocol=17 | dir=in | app=g:\program files\teamviewer\version8\teamviewer_service.exe | 
"{4BE07446-26AF-4E5B-8E95-E67BBE9C8AFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DD12FD7-AEEC-42DF-9F96-7F7D2D801ABC}" = protocol=17 | dir=in | app=g:\program files\webcamxp 5\wlite.exe | 
"{54255A87-DE03-444E-BF37-675C6F7ED811}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{585D1DC9-4404-4094-AC4A-77436F1A4728}" = protocol=6 | dir=in | app=g:\program files\teamviewer\version8\teamviewer_service.exe | 
"{5A810C9A-AFBE-4E5E-A0FD-F5F2A07266E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B2DD4CD-0E9C-43A4-B8BD-062AD5DFF467}" = protocol=6 | dir=in | app=g:\program files\microsoft office\office14\groove.exe | 
"{5DB0D476-5CE3-433A-86C3-C54A9D259C5D}" = protocol=17 | dir=in | app=g:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{64680FBA-AC2F-4172-A12D-AC9A6529F822}" = dir=in | app=g:\program files\windows live\contacts\wlcomm.exe | 
"{6E7063B6-80ED-4C4B-8488-AF5E3A2076D8}" = protocol=6 | dir=in | app=g:\program files\webcamxp 5\wservice.exe | 
"{731F34BC-F01B-45F5-A186-B2E9E4E0D880}" = protocol=17 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{7CD559BB-0367-43D1-BE3F-6B9109D3EBC5}" = protocol=6 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{8B289105-C9AA-4F0A-A95E-9B54B7EA3A0A}" = protocol=6 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{8B40D312-FF45-4053-A378-161138C3F1FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9BD5A20A-6D01-4EA1-8557-5BD50097B7F5}" = protocol=6 | dir=out | app=system | 
"{A48AA486-73B2-4F9D-9083-B4D4BF0B91C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7F0E8C8-0A2D-43DF-BB40-B9E3E4A00048}" = protocol=6 | dir=in | app=g:\program files\teamviewer\version8\teamviewer.exe | 
"{A98EF550-91AB-4FCC-A4A9-86C6CE46343F}" = protocol=17 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{B8311498-A13D-4644-81D4-F4AAE172FD38}" = protocol=17 | dir=in | app=g:\program files\teamviewer\version8\teamviewer.exe | 
"{C4C0E8C4-B5C6-4A65-BBE2-622AAC423A32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC4F2FBB-0561-47AF-B9F6-6426303DE984}" = protocol=17 | dir=in | app=g:\program files\microsoft office\office14\onenote.exe | 
"{D8141552-344D-41FF-AAF5-435200083669}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E813827F-3488-4268-B260-2762330A8737}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EA3A6F62-3E83-44EC-8D6F-363DAF71229F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF162207-AC61-4046-91DD-540FA6C01E87}" = protocol=6 | dir=in | app=g:\program files\microsoft office\office14\onenote.exe | 
"{EF4D578A-1CDB-427C-898C-7D7FE13A02D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1588B0C-32EC-4632-AFEC-B12BFD4240B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{3DC86687-43B3-4921-94BE-8414328C23BF}G:\service.exe" = protocol=6 | dir=in | app=g:\service.exe | 
"TCP Query User{8055FAB7-6275-46AA-B52C-C9700E4E3B9E}G:\devicesearch 1.0.0.27\devicesearch.exe" = protocol=6 | dir=in | app=g:\devicesearch 1.0.0.27\devicesearch.exe | 
"UDP Query User{045B043A-80E6-46AF-A2F1-6E318C8C2FFA}G:\service.exe" = protocol=17 | dir=in | app=g:\service.exe | 
"UDP Query User{BC9E0808-594A-4C34-BC64-1452C345E853}G:\devicesearch 1.0.0.27\devicesearch.exe" = protocol=17 | dir=in | app=g:\devicesearch 1.0.0.27\devicesearch.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{4162E4B4-DB62-4719-9921-A59B2671C1CB}" = Nero Recode 11
"{44CDB8EC-569D-4C61-B18C-8768A1FC7E15}" = Panasonic RPT Network Printer Port
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{528EC8F4-1C19-41BA-80A1-0B5EA21BA628}" = maxx PDFMAILER Standard
"{53C9D2D8-F188-4D2F-9D42-A1BA359DD096}" = mDecoderTool
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7765322A-8601-47D3-AC60-B66677450D7B}" = G Data InternetSecurity 2014
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78F2FF7C-AC3C-430C-83A7-E2859FBA630A}" = Panasonic Printing System
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8491AD-D0D2-4B51-AA4A-A8B67795A553}" = Nero Burning ROM 11
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E89BAE75-3446-43BA-B180-7F11692A9778}" = nero.prerequisites.msi
"{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}" = Nero 11
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}" = ITE IT8211 ATAPI Controller
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Carrera Streckenplaner_is1" = Carrera Streckenplaner
"DynUpdater" = Dyn Updater
"Edit4Win" = Edit4Win 3.10
"Ext2Fsd_is1" = Ext2Fsd 0.48
"InstallShield_{78F2FF7C-AC3C-430C-83A7-E2859FBA630A}" = Panasonic Printer Drivers
"Lidl-Fotos_is1" = Lidl-Fotos
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"Newsletter Software SuperMailer_is1" = SuperMailer 7.10
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ST6UNST #1" = RS-Office Pro V7
"ST6UNST #2" = RS-Office Pro V7 (C:\RSOFFICE\)
"ST6UNST #3" = RS-Office Pro V7 (g:\RSOFFICE\)
"ST6UNST #4" = RS-Office Pro V7 (C:\RSOFFICE\) #3
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.6
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"wintrack51_is1" = WinTrack 5.1 3D
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2013 07:28:54 | Computer Name = Buero-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 21.0.0.4879 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15d8    Startzeit:
 01ce725dea462f70    Endzeit: 15    Anwendungspfad: G:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 91d1b06c-de53-11e2-a507-94de8005544a  
 
Error - 27.06.2013 05:42:32 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
 11\nero backitup\NBVSSTool_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.06.2013 05:42:52 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
 11\nero recode\NeroBRServer.exe.Manifest".  Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="11.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2013 04:00:23 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
 11\nero backitup\NBVSSTool_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2013 04:00:42 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
 11\nero recode\NeroBRServer.exe.Manifest".  Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="11.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.07.2013 09:08:28 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
 11\nero backitup\NBVSSTool_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.07.2013 09:08:47 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
 11\nero recode\NeroBRServer.exe.Manifest".  Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="11.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.07.2013 11:13:32 | Computer Name = Buero-PC | Source = System Restore | ID = 8200
Description = 
 
Error - 01.07.2013 11:28:44 | Computer Name = Buero-PC | Source = System Restore | ID = 8200
Description = 
 
Error - 01.07.2013 11:38:46 | Computer Name = Buero-PC | Source = System Restore | ID = 8206
Description = 
 
Error - 02.07.2013 03:07:10 | Computer Name = Buero-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, 
Zeitstempel: 0x5147644e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052cc7  ID des fehlerhaften
 Prozesses: 0xfe0  Startzeit der fehlerhaften Anwendung: 0x01ce76f208fc7ad2  Pfad der
 fehlerhaften Anwendung: G:\Users\Trommi\Desktop\aswMBR.exe  Pfad des fehlerhaften
 Moduls: G:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 02f19b82-e2e6-11e2-aa12-94de8005544a
 
[ System Events ]
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%997
 
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%997
 
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%997
 
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%997
 
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%997
 
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%997
 
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%997
 
[ TuneUp Events ]
Error - 26.09.2012 08:57:44 | Computer Name = Buero-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-02 10:28:04
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: G:\Users\Buero\AppData\Local\Temp\fwloqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                          838589F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                            838921F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               G:\Users\Buero\AppData\Local\Temp\aswMBR.sys                                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 2.1 ----

.text           G:\Program Files\Internet Explorer\iexplore.exe[1252] shell32.DLL!RealDriveType + 173D                            766EFE30 4 Bytes  [E5, 36, 80, 70]
.text           G:\Program Files\Internet Explorer\iexplore.exe[1252] shell32.DLL!RealDriveType + 1745                            766EFE38 8 Bytes  [1B, 57, 80, 70, 97, 83, 81, ...]
.text           G:\Program Files\Internet Explorer\iexplore.exe[2444] shell32.DLL!RealDriveType + 173D                            766EFE30 4 Bytes  [E5, 36, 80, 70]
.text           G:\Program Files\Internet Explorer\iexplore.exe[2444] shell32.DLL!RealDriveType + 1745                            766EFE38 8 Bytes  [1B, 57, 80, 70, 97, 83, 81, ...]
.text           G:\Program Files\Internet Explorer\iexplore.exe[5948] shell32.DLL!RealDriveType + 173D                            766EFE30 4 Bytes  [E5, 36, 80, 70]
.text           ...                                                                                                               
.text           G:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[6100] kernel32.dll!SetUnhandledExceptionFilter  778BF4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           G:\Program Files\Internet Explorer\iexplore.exe[11692] shell32.DLL!RealDriveType + 173D                           766EFE30 4 Bytes  [E5, 36, 80, 70]
.text           G:\Program Files\Internet Explorer\iexplore.exe[11692] shell32.DLL!RealDriveType + 1745                           766EFE38 8 Bytes  [1B, 57, 80, 70, 97, 83, 81, ...]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                            NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                            NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                            NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                            NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                            NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                            NBVolUp.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3CA63232-5DE6-437F-AE71-DEF503C848E2@IPAddress       ::1
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\796FE558-16EA-42F7-933E-262618CD0C39@IPAddress       127.0.0.1
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\D4EEDED3-E755-4B50-8154-E8B18E2778CD@IPAddress       ::1

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 05.07.2013, 12:11   #2
t'john
/// Helfer-Team
 
Polizei Trojaner GVU - Standard

Polizei Trojaner GVU





The cleanup consists of several steps that have to be carried out.
Work through them one after the other and paste the 3 logs that are created along the way into your next reply.

If the OTL fix did not run through correctly, do not continue; please report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL

O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1001..\Run: [] G:\Users\Buero\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found 
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1005..\Run: [] G:\Users\Trommi\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found 
[2013.06.28 14:00:16 | 000,155,648 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\09qdo.dat 
[2013.06.10 14:18:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\rundll32.exe 
[2013.06.28 14:00:17 | 095,023,320 | ---- | C] () -- G:\ProgramData\odq90.pad 
[2013.06.10 16:57:42 | 095,023,320 | ---- | M] () -- G:\ProgramData\ij4i.pad 
[2013.06.17 10:56:23 | 000,000,000 | ---- | M] () -- G:\ProgramData\zdfrt.dat 
[2013.06.27 09:45:25 | 095,023,320 | ---- | M] () -- G:\ProgramData\eqrolmj.pad 
[2013.06.28 10:18:52 | 000,000,000 | ---- | M] () -- G:\ProgramData\jmlorqe.dat 
[2013.06.10 14:18:42 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Giki 
[2013.06.10 14:18:25 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Igduiq 
[2013.06.10 14:18:42 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Zaiv 
[2013.06.29 18:10:00 | 000,001,422 | ---- | M] () -- G:\Windows\tasks\hpwebreg_CN1CO4564X05JZ.job 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Buero\*.tmp
C:\Users\Buero\AppData\*.dll
C:\Users\Buero\AppData\*.exe
C:\Users\Buero\AppData\Local\Temp\*.exe
C:\Users\Buero\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the content of the log file into your thread here in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!



Step 2
Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the latest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Attach the content of mbam.txt to your next reply.



then:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its content in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
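The triage the helper performs on the OTL log above, as an added example that is not part of this thread and not code from OTL or the helper: it parses OTL O4 and file-listing lines and flags the indicator patterns the fix script targets (autorun entries pointing into Temp/ProgramData or marked "File not found", loose binaries and identical-size .pad files in the ProgramData root). The sample lines are constructed: five are copied from the thread's own log, the benign NvCplDaemon and OTL.exe entries are added for contrast, and the rule names and thresholds are my own assumptions.

```python
"""Triage helper for OTL log lines (added example; not part of this thread,
and not code from OTL or the helper). It flags the patterns the fix script
above targets: autorun (O4) entries pointing into Temp/ProgramData or marked
"File not found", and loose .exe/.dll/.pad/.dat files in the ProgramData
root, including several files of identical size."""
import re
from collections import defaultdict

# Constructed sample in OTL's own line format: the first five lines are copied
# from this thread's logs, the last two are benign entries added for contrast.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1001..\Run: [] G:\Users\Buero\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found
[2013.06.28 14:00:16 | 000,155,648 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\09qdo.dat
[2013.06.10 14:18:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\rundll32.exe
[2013.06.28 14:00:17 | 095,023,320 | ---- | C] () -- G:\ProgramData\odq90.pad
[2013.06.27 09:45:25 | 095,023,320 | ---- | M] () -- G:\ProgramData\eqrolmj.pad
O4 - HKLM..\Run: [NvCplDaemon] G:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
[2013.07.06 08:59:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Users\Trommi\Desktop\OTL.exe
"""

# O4 line: "O4 - <hive>..\Run: [<value name>] <target> [(<company>)] [File not found]"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
TARGET_RE = re.compile(r"^(?P<target>.+?)(?: \((?P<company>[^()]*)\))?$")
# File line: "[<stamp> | <size> | <attrs> | C/M] [(<company>)] -- <path>"
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
NOT_FOUND = " File not found"
# Assumed rule inputs: autorun targets below these folders are worth a look,
# and these extensions are what the fix script removes from the ProgramData root.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\")
SUSPECT_EXT = (".exe", ".dll", ".pad", ".dat", ".tmp")


def parse_otl(text):
    """Turn OTL O4 and file-listing lines into dicts; unrelated lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            rest = m.group("rest")
            missing = rest.endswith(NOT_FOUND)
            if missing:
                rest = rest[: -len(NOT_FOUND)].rstrip()
            t = TARGET_RE.match(rest)
            entries.append({
                "kind": "autorun", "hive": m.group("hive"), "name": m.group("name"),
                "path": t.group("target"), "company": t.group("company") or "",
                "missing": missing, "size": None,
            })
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append({
                "kind": "file", "stamp": m.group("stamp"),
                "size": int(m.group("size").replace(",", "")),
                "attr": m.group("attr"), "op": m.group("op"),
                "company": m.group("company") or "", "path": m.group("path"),
                "missing": False, "name": "",
            })
    return entries


def in_programdata_root(path):
    """True for files directly below <drive>:\\ProgramData (not in a subfolder)."""
    parent = path.lower().rsplit("\\", 1)[0]
    return parent.endswith(":\\programdata")


def triage(entries):
    """Return [(path, [reasons])] for entries matching the indicator patterns."""
    by_size = defaultdict(list)  # identical-size payload files in ProgramData
    for e in entries:
        if e["kind"] == "file" and in_programdata_root(e["path"]):
            by_size[e["size"]].append(e["path"])
    findings = []
    for e in entries:
        reasons = []
        low = e["path"].lower()
        if e["kind"] == "autorun":
            if e["missing"]:
                reasons.append("autorun target missing")
            if not e["name"]:
                reasons.append("autorun with empty value name")
            if any(d in low for d in SUSPECT_DIRS):
                reasons.append("autorun target in Temp/ProgramData")
        else:
            if in_programdata_root(e["path"]) and low.endswith(SUSPECT_EXT):
                reasons.append("loose binary/data file in ProgramData root")
            if len(by_size.get(e["size"], [])) > 1:
                reasons.append("same size as other ProgramData file(s)")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_LOG)):
        print(path, "->", "; ".join(reasons))
```

Run against a full OTL log, the benign system entries (NvCplDaemon, OTL.exe in the sample) fall through while the Temp-folder autorun and the ProgramData .pad/.dat/.exe set come out with their reasons listed.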

Alt 06.07.2013, 09:21   #3
Roger2013
 
Polizei Trojaner GVU - Standard

Polizei Trojaner GVU



Good morning t'john,

thanks for the help,

Step 1, OTL, OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.07.2013 09:03:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Users\Trommi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,40 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 68,49% Memory free
6,80 Gb Paging File | 5,24 Gb Available in Paging File | 77,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 92,78 Gb Total Space | 35,92 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 43,84 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 49,59 Gb Total Space | 36,66 Gb Free Space | 73,94% Space Free | Partition Type: NTFS
Drive G: | 279,45 Gb Total Space | 195,01 Gb Free Space | 69,78% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 16,99 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
Drive I: | 36,36 Gb Total Space | 3,82 Gb Free Space | 10,51% Space Free | Partition Type: NTFS
Drive J: | 465,65 Gb Total Space | 165,07 Gb Free Space | 35,45% Space Free | Partition Type: FAT32
 
Computer Name: BUERO-PC | User Name: Buero | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.06 08:59:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Users\Trommi\Desktop\OTL.exe
PRC - [2013.06.21 13:36:55 | 002,095,944 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2013.06.12 13:01:11 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) -- G:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.04.16 03:09:04 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- G:\Programme\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () -- G:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) -- G:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.03.22 05:04:17 | 001,444,304 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2013.03.22 04:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2013.03.22 04:50:20 | 002,362,744 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- G:\Programme\PDF24\pdf24.exe
PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- G:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- G:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\taskhost.exe
PRC - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) -- G:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.12.13 10:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.11.15 19:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- G:\Programme\Dyn Updater\DynTray.exe
PRC - [2011.07.22 15:26:40 | 000,690,472 | ---- | M] (Nero AG) -- G:\Programme\Nero\Update\NASvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- G:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- G:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- G:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- G:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- G:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.05 11:50:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- G:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.21 13:36:55 | 002,095,944 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2013.06.12 14:01:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- G:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.03.22 04:50:20 | 002,362,744 | ---- | M] (G Data Software AG) [On_Demand | Running] -- G:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- G:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- G:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- G:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- G:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- G:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.08.25 03:10:01 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- G:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- G:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- G:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.15 19:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Stopped] -- G:\Programme\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
SRV - [2011.07.22 15:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- G:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- G:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.06.26 17:11:20 | 000,054,104 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2013.06.17 09:12:13 | 000,051,032 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2013.06.17 09:11:44 | 000,096,344 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2013.06.17 09:11:44 | 000,045,912 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2013.04.17 09:33:35 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- G:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.04.11 08:48:24 | 000,030,896 | ---- | M] (G Data Software) [Kernel | System | Running] -- G:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2013.04.08 09:12:37 | 000,052,056 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2013.02.26 01:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.01.28 10:30:24 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.07.02 15:16:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012.06.19 16:39:09 | 000,289,792 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012.05.20 18:25:32 | 000,793,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012.05.20 18:25:32 | 000,350,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012.05.20 18:25:32 | 000,015,680 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2011.07.13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.07.13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.04.29 11:55:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.04.29 11:55:12 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.03.18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011.02.10 10:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.26 23:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- G:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 72 4C 47 99 63 CA 01  [binary data]
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes,DefaultScope = {BB041AC8-2009-4E10-B22F-84039E70B373}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{51BF1669-9387-407F-B07F-97817C8BC21A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=%5E&apn_uid=CA61A9C8-4166-45F8-9368-8439BA854CCE&apn_sauid=EF1EC9DA-2F4B-4EE8-8665-E6DD8C94BD34
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{9CCBD921-FBD7-4816-A930-7AAB447F724E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{BB041AC8-2009-4E10-B22F-84039E70B373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A A9 BC 0A 4B 70 CB 01  [binary data]
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes,DefaultScope = {BB041AC8-2009-4E10-B22F-84039E70B373}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{065D5CF5-6E0E-42A8-86DF-6862F065A665}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{5D59D326-FA9C-4D9D-8F13-EABD5B52E182}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{9CCBD921-FBD7-4816-A930-7AAB447F724E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{BB041AC8-2009-4E10-B22F-84039E70B373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: G:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: G:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: g:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: G:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: G:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: G:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: G:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: g:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: g:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: G:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.06.12 11:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: G:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins
 
[2012.06.22 15:24:35 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\Extensions
[2013.04.26 10:12:10 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\Firefox\Profiles\938svwi9.default\extensions
[2013.04.26 10:12:10 | 000,817,280 | ---- | M] () (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\firefox\profiles\938svwi9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.05 11:50:05 | 000,000,000 | ---D | M] (No name found) -- G:\Programme\Mozilla Firefox\browser\extensions
[2013.07.05 11:50:08 | 000,000,000 | ---D | M] (Default) -- G:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O3 - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray] G:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] G:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IMSS] G:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] G:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1001..\Run: [] G:\Users\Buero\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1005..\Run: [] G:\Users\Trommi\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1005..\Run: [Sony Ericsson PC Companion] G:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - G:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - G:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - G:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=85748869 (Mail Migration)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} hxxp://doerflerkc.dyndns.biz/UltraCamX.cab (UltraCamX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B985AA6-26D7-4248-B8D1-018DDDB46818}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7811C701-3250-4564-ADCB-6C25C185ABE6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - G:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\Windows\system32\userinit.exe) - G:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (g:\program files\g data\internetsecurity\avkkid\avkcks.exe) - g:\Programme\G Data\InternetSecurity\AVKKid\AVKCKS.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\pdf24-editor.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdf24-fax.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.31 16:08:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.03.09 13:40:55 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4cc23fd4-cf84-11de-8b69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cc23fd4-cf84-11de-8b69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{69a2022a-722b-11e0-9b80-00508d9cd093}\Shell - "" = AutoRun
O33 - MountPoints2\{69a2022a-722b-11e0-9b80-00508d9cd093}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.05 11:50:05 | 000,000,000 | ---D | C] -- G:\Program Files\Mozilla Firefox
[2013.06.26 17:11:28 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014
[2013.06.13 09:17:48 | 000,000,000 | ---D | C] -- G:\Users\Buero\AppData\Roaming\vlc
[2013.06.13 09:17:42 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.12 11:26:14 | 002,706,432 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mshtml.tlb
[2013.06.12 11:26:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2013.06.12 11:23:58 | 002,877,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript9.dll
[2013.06.12 11:23:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesetup.dll
[2013.06.12 11:23:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jsproxy.dll
[2013.06.12 11:23:57 | 000,493,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msfeeds.dll
[2013.06.12 11:23:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesysprep.dll
[2013.06.12 11:23:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.12 11:23:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ie4uinit.exe
[2013.06.12 11:23:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iernonce.dll
[2013.06.12 11:21:33 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\xing shared
[2013.06.12 11:21:30 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- G:\Windows\System32\rmoc3260.dll
[2013.06.12 11:21:22 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- G:\Windows\System32\pndx5016.dll
[2013.06.12 11:21:22 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- G:\Windows\System32\pndx5032.dll
[2013.06.12 08:52:38 | 001,505,280 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\d3d11.dll
[2013.06.12 08:52:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\cryptdlg.dll
[2013.06.12 08:52:23 | 000,903,168 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\certutil.exe
[2013.06.12 08:52:22 | 000,043,008 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\certenc.dll
[2013.06.12 08:52:02 | 003,968,872 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntkrnlpa.exe
[2013.06.12 08:52:02 | 003,913,576 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntoskrnl.exe
[2013.06.10 14:18:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\rundll32.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.06 09:01:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.06 08:49:39 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.06 08:49:39 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.06 08:42:31 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013.07.06 08:42:19 | 2739,916,800 | -HS- | M] () -- G:\hiberfil.sys
[2013.07.05 11:02:16 | 000,000,053 | ---- | M] () -- G:\stdout.out
[2013.07.05 11:00:27 | 000,000,000 | ---- | M] () -- G:\stderr.out
[2013.07.05 08:46:12 | 000,000,000 | ---- | M] () -- G:\ProgramData\09qdo.dat
[2013.07.02 09:36:30 | 000,000,000 | ---- | M] () -- G:\Users\Buero\defogger_reenable
[2013.07.01 17:41:47 | 095,023,320 | ---- | M] () -- G:\ProgramData\odq90.pad
[2013.06.29 18:10:00 | 000,001,422 | ---- | M] () -- G:\Windows\tasks\hpwebreg_CN1CO4564X05JZ.job
[2013.06.28 10:18:52 | 000,000,000 | ---- | M] () -- G:\ProgramData\jmlorqe.dat
[2013.06.27 09:45:25 | 095,023,320 | ---- | M] () -- G:\ProgramData\eqrolmj.pad
[2013.06.26 17:11:28 | 000,001,945 | ---- | M] () -- G:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.06.26 17:11:20 | 000,054,104 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\gdwfpcd32.sys
[2013.06.25 14:36:36 | 000,696,848 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013.06.25 14:36:36 | 000,652,166 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013.06.25 14:36:36 | 000,148,144 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013.06.25 14:36:36 | 000,121,098 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013.06.17 10:56:23 | 000,000,000 | ---- | M] () -- G:\ProgramData\zdfrt.dat
[2013.06.17 09:12:13 | 000,051,032 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\HookCentre.sys
[2013.06.17 09:11:44 | 000,096,344 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\MiniIcpt.sys
[2013.06.17 09:11:44 | 000,045,912 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\GDBehave.sys
[2013.06.13 09:17:42 | 000,001,033 | ---- | M] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2013.06.12 14:01:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 14:01:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.12 11:21:45 | 000,001,102 | ---- | M] () -- G:\Users\Public\Desktop\RealPlayer.lnk
[2013.06.12 11:21:30 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- G:\Windows\System32\rmoc3260.dll
[2013.06.12 11:21:22 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- G:\Windows\System32\pndx5016.dll
[2013.06.12 11:21:22 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- G:\Windows\System32\pndx5032.dll
[2013.06.12 11:21:21 | 000,272,896 | ---- | M] (Progressive Networks) -- G:\Windows\System32\pncrt.dll
[2013.06.10 16:57:42 | 095,023,320 | ---- | M] () -- G:\ProgramData\ij4i.pad
[2013.06.10 14:18:23 | 000,044,544 | ---- | M] (Microsoft Corporation) -- G:\ProgramData\rundll32.exe
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013.07.02 09:36:30 | 000,000,000 | ---- | C] () -- G:\Users\Buero\defogger_reenable
[2013.06.28 14:00:17 | 095,023,320 | ---- | C] () -- G:\ProgramData\odq90.pad
[2013.06.28 14:00:16 | 000,000,000 | ---- | C] () -- G:\ProgramData\09qdo.dat
[2013.06.24 11:04:51 | 095,023,320 | ---- | C] () -- G:\ProgramData\eqrolmj.pad
[2013.06.24 11:04:50 | 000,000,000 | ---- | C] () -- G:\ProgramData\jmlorqe.dat
[2013.06.17 09:12:20 | 000,001,945 | ---- | C] () -- G:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.06.14 16:34:00 | 000,000,000 | ---- | C] () -- G:\ProgramData\zdfrt.dat
[2013.06.13 09:17:42 | 000,001,033 | ---- | C] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2013.06.12 11:21:45 | 000,001,102 | ---- | C] () -- G:\Users\Public\Desktop\RealPlayer.lnk
[2013.06.10 14:18:24 | 095,023,320 | ---- | C] () -- G:\ProgramData\ij4i.pad
[2013.04.24 10:12:17 | 000,001,500 | ---- | C] () -- G:\Users\Buero\.recently-used.xbel
[2013.04.17 09:36:32 | 000,293,889 | ---- | C] () -- G:\Windows\System32\drivers\RTAIODAT.DAT
[2013.04.17 09:35:03 | 000,598,780 | ---- | C] () -- G:\Windows\System32\igvpkrng700.bin
[2013.04.17 09:35:03 | 000,094,208 | ---- | C] () -- G:\Windows\System32\IccLibDll.dll
[2013.04.17 09:35:03 | 000,064,512 | ---- | C] () -- G:\Windows\System32\igdde32.dll
[2013.04.17 09:35:03 | 000,009,728 | ---- | C] ( ) -- G:\Windows\System32\IGFXDEVLib.dll
[2013.04.17 09:35:02 | 000,755,048 | ---- | C] () -- G:\Windows\System32\igcodeckrng700.bin
[2013.04.17 09:35:02 | 000,000,255 | ---- | C] () -- G:\Windows\System32\GfxUI.exe.config
[2013.04.16 22:53:37 | 000,000,010 | ---- | C] () -- G:\Windows\GSetup.ini
[2012.12.03 17:13:07 | 000,003,273 | ---- | C] () -- G:\Windows\SceneLib24.ini
[2012.12.03 15:20:16 | 000,001,239 | ---- | C] () -- G:\Windows\Track.INI
[2012.11.23 10:10:03 | 000,171,008 | ---- | C] () -- G:\Windows\System32\RPTlprUi.dll
[2012.11.23 10:10:03 | 000,042,496 | ---- | C] () -- G:\Windows\System32\RPTlpr.dll
[2012.11.19 10:50:50 | 002,953,448 | ---- | C] () -- G:\Windows\System32\nvcoproc.bin
[2012.06.22 17:07:41 | 000,017,408 | ---- | C] () -- G:\Users\Buero\AppData\Local\WebpageIcons.db
[2011.03.22 12:18:44 | 000,000,017 | ---- | C] () -- G:\Users\Buero\AppData\Local\resmon.resmoncfg
[2009.11.12 15:51:17 | 000,000,227 | ---- | C] () -- G:\Program Files\PanaHDS.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- G:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Hello t'john,

now I have a different problem.

The log file is gone after the restart?????

G:\Users\Trommi\Pictures\mbam-log-2013-07-06.jpg

There is only a shortcut.
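
The "ZeroAccess Check" block in the OTL log above lists the InProcServer32 keys of a few shell and WMI CLSIDs under both HKCU and HKLM for a reason: the user-mode ZeroAccess (Sirefef) variant persisted by creating per-user copies of such keys, and because per-user COM registrations under HKCU\Software\Classes are consulted before the machine-wide HKLM ones, Explorer or WMI then load the DLL named there instead of the Microsoft one, with no system file modified. The script below is an added example, not part of the thread and not OTL's own code: it parses that section, groups the keys by CLSID, and flags every CLSID that has an HKCU key, reporting which HKLM server it would shadow. The sample text is constructed from the entries visible in the posted log. In that log the two HKCU keys carry no default value, so the check reports presence only; a hit has to be confirmed in regedit, since some legitimate software also registers per-user COM servers.

```python
import re
from collections import defaultdict

# Constructed sample in the format of OTL's "ZeroAccess Check" section; the
# keys and values are copied from the report posted above.
SAMPLE = r"""
========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- G:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< End of report >
"""

# [HIVE\Software\Classes\clsid\{GUID}\InProcServer32]
KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]$",
    re.IGNORECASE)
# "" = <server dll> -- [timestamp | size | attrs | M] (signer)
DEFAULT_RE = re.compile(r'^"" = (.+?) -- \[')


def parse_zeroaccess_section(text):
    """Map each CLSID to {hive: default InProcServer32 value or None}."""
    entries = defaultdict(dict)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            hive, clsid = m.group(1).upper(), m.group(2).lower()
            current = (hive, clsid)
            entries[clsid][hive] = None       # key exists; a value may follow
            continue
        if current is not None:
            m = DEFAULT_RE.match(line)
            if m:
                entries[current[1]][current[0]] = m.group(1)
    return dict(entries)


def find_user_overrides(entries):
    """CLSIDs that have an InProcServer32 key under HKCU.

    Per-user (HKCU) Software/Classes entries are consulted before the HKLM
    ones during COM activation, so a user-writable key for a shell or WMI
    CLSID redirects the loading process to whatever DLL it names. Each hit
    is returned with the HKLM server it would shadow, for manual checking.
    """
    hits = []
    for clsid, hives in entries.items():
        if "HKEY_CURRENT_USER" in hives:
            hits.append({
                "clsid": clsid,
                "hkcu_server": hives["HKEY_CURRENT_USER"],
                "hklm_server": hives.get("HKEY_LOCAL_MACHINE"),
            })
    return sorted(hits, key=lambda h: h["clsid"])


if __name__ == "__main__":
    for hit in find_user_overrides(parse_zeroaccess_section(SAMPLE)):
        print(f"{hit['clsid']}: HKCU -> {hit['hkcu_server']!r} "
              f"shadows HKLM -> {hit['hklm_server']!r}")
```

Run against the sample it reports the two HKCU keys; for a live system the same comparison can be made by exporting the two hives' CLSID keys with reg.exe and feeding the result through a similar matcher.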

07.07.2013, 12:00   #4
t'john (Helper Team)

Why are you not following the instructions?
Please post the logs as described in the instructions!

Regards, t'john

08.07.2013, 08:54   #5
Roger2013

These are the ones I have!!!

2013/07/06 09:16:19 +0200 BUERO-PC Trommi MESSAGE Starting protection
2013/07/06 09:16:19 +0200 BUERO-PC Trommi MESSAGE Protection started successfully
2013/07/06 09:16:19 +0200 BUERO-PC Trommi MESSAGE Starting IP protection
2013/07/06 09:16:27 +0200 BUERO-PC Trommi MESSAGE IP Protection started successfully
2013/07/06 09:16:36 +0200 BUERO-PC Trommi MESSAGE Starting database refresh
2013/07/06 09:16:36 +0200 BUERO-PC Trommi MESSAGE Stopping IP protection
2013/07/06 09:16:37 +0200 BUERO-PC Trommi MESSAGE IP Protection stopped successfully
2013/07/06 09:16:39 +0200 BUERO-PC Trommi MESSAGE Database refreshed successfully
2013/07/06 09:16:39 +0200 BUERO-PC Trommi MESSAGE Starting IP protection
2013/07/06 09:16:41 +0200 BUERO-PC Trommi MESSAGE IP Protection started successfully
2013/07/06 09:19:43 +0200 BUERO-PC Trommi MESSAGE Executing scheduled update: Daily
2013/07/06 09:19:46 +0200 BUERO-PC Trommi MESSAGE Database already up-to-date
2013/07/06 11:46:32 +0200 BUERO-PC (null) MESSAGE Starting protection
2013/07/06 11:46:32 +0200 BUERO-PC (null) MESSAGE Protection started successfully
2013/07/06 11:46:32 +0200 BUERO-PC (null) MESSAGE Starting IP protection
2013/07/06 11:46:33 +0200 BUERO-PC (null) MESSAGE IP Protection started successfully
2013/07/06 11:50:34 +0200 BUERO-PC (null) MESSAGE Starting protection
2013/07/06 11:50:34 +0200 BUERO-PC (null) MESSAGE Protection started successfully
2013/07/06 11:50:34 +0200 BUERO-PC (null) MESSAGE Starting IP protection
2013/07/06 11:50:36 +0200 BUERO-PC (null) MESSAGE IP Protection started successfully
2013/07/06 13:46:15 +0200 BUERO-PC (null) MESSAGE Starting protection
2013/07/06 13:46:15 +0200 BUERO-PC (null) MESSAGE Protection started successfully
2013/07/06 13:46:15 +0200 BUERO-PC (null) MESSAGE Starting IP protection
2013/07/06 13:46:16 +0200 BUERO-PC (null) MESSAGE IP Protection started successfully


2013/07/08 08:42:42 +0200 BUERO-PC (null) MESSAGE Executing scheduled update: Daily
2013/07/08 08:42:46 +0200 BUERO-PC (null) MESSAGE Starting protection
2013/07/08 08:42:46 +0200 BUERO-PC (null) MESSAGE Protection started successfully
2013/07/08 08:42:46 +0200 BUERO-PC (null) MESSAGE Starting IP protection
2013/07/08 08:42:47 +0200 BUERO-PC (null) MESSAGE IP Protection started successfully
2013/07/08 08:42:51 +0200 BUERO-PC (null) MESSAGE Starting database refresh
2013/07/08 08:42:51 +0200 BUERO-PC (null) MESSAGE Stopping IP protection
2013/07/08 08:42:51 +0200 BUERO-PC (null) MESSAGE IP Protection stopped successfully
2013/07/08 08:42:51 +0200 BUERO-PC (null) MESSAGE Scheduled update executed successfully: database updated from version v2013.07.06.02 to version v2013.07.08.02
2013/07/08 08:42:53 +0200 BUERO-PC (null) MESSAGE Database refreshed successfully
2013/07/08 08:42:53 +0200 BUERO-PC (null) MESSAGE Starting IP protection
2013/07/08 08:42:54 +0200 BUERO-PC (null) MESSAGE IP Protection started successfully

AdwCleaner Logfile:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 08:56:23 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Buero - BUERO-PC
# Bootmodus : Normal
# Ausgeführt unter : G:\Users\Trommi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : G:\Program Files\Conduit
Ordner Gefunden : G:\Users\Buero\AppData\Local\Temp\AskSearch
Ordner Gefunden : G:\Users\Buero\AppData\LocalLow\Conduit
Ordner Gefunden : G:\Users\Buero\AppData\LocalLow\PriceGong
Ordner Gefunden : G:\Users\Cheffe\AppData\Local\Conduit
Ordner Gefunden : G:\Users\Cheffe\AppData\LocalLow\Conduit
Ordner Gefunden : G:\Users\Cheffe\AppData\LocalLow\PriceGong
Ordner Gefunden : G:\Users\Cheffe\AppData\Roaming\PriceGong
Ordner Gefunden : G:\Users\Werzl\AppData\LocalLow\Conduit
Ordner Gefunden : G:\Users\Werzl\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3242337
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : G:\Users\Buero\AppData\Roaming\Mozilla\Firefox\Profiles\938svwi9.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3");

Datei : G:\Users\Cheffe\AppData\Roaming\Mozilla\Firefox\Profiles\jsugl9ky.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Roaming\Mozilla\Firefox\Profiles\aji8m7y0.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Zaworski\AppData\Roaming\Mozilla\Firefox\Profiles\9o32dax9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : G:\Users\Buero\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3659 octets] - [08/07/2013 08:56:23]

########## EOF - \AdwCleaner[R1].txt - [3719 octets] ##########

AdwCleaner Logfile:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 08:59:30 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Buero - BUERO-PC
# Bootmodus : Normal
# Ausgeführt unter : G:\Users\Trommi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : G:\Program Files\Conduit
Ordner Gefunden : G:\Users\Buero\AppData\Local\Temp\AskSearch
Ordner Gefunden : G:\Users\Buero\AppData\LocalLow\Conduit
Ordner Gefunden : G:\Users\Buero\AppData\LocalLow\PriceGong
Ordner Gefunden : G:\Users\Cheffe\AppData\Local\Conduit
Ordner Gefunden : G:\Users\Cheffe\AppData\LocalLow\Conduit
Ordner Gefunden : G:\Users\Cheffe\AppData\LocalLow\PriceGong
Ordner Gefunden : G:\Users\Cheffe\AppData\Roaming\PriceGong
Ordner Gefunden : G:\Users\Werzl\AppData\LocalLow\Conduit
Ordner Gefunden : G:\Users\Werzl\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3242337
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : G:\Users\Buero\AppData\Roaming\Mozilla\Firefox\Profiles\938svwi9.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3");

Datei : G:\Users\Cheffe\AppData\Roaming\Mozilla\Firefox\Profiles\jsugl9ky.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Roaming\Mozilla\Firefox\Profiles\aji8m7y0.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Zaworski\AppData\Roaming\Mozilla\Firefox\Profiles\9o32dax9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : G:\Users\Buero\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3786 octets] - [08/07/2013 08:56:23]
AdwCleaner[R2].txt - [3719 octets] - [08/07/2013 08:59:30]
AdwCleaner[S1].txt - [334 octets] - [08/07/2013 08:58:58]

########## EOF - \AdwCleaner[R2].txt - [3838 octets] ##########

AdwCleaner Logfile:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 08:58:58 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Buero - BUERO-PC
# Bootmodus : Normal
# Ausgeführt unter : G:\Users\Trommi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

# AdwCleaner v2.304 - Datei am 08/07/2013 um 08:59:52 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Buero - BUERO-PC
# Bootmodus : Normal
# Ausgeführt unter : G:\Users\Trommi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : G:\Program Files\Conduit
Ordner Gelöscht : G:\Users\Buero\AppData\Local\Temp\AskSearch
Ordner Gelöscht : G:\Users\Buero\AppData\LocalLow\Conduit
Ordner Gelöscht : G:\Users\Buero\AppData\LocalLow\PriceGong
Ordner Gelöscht : G:\Users\Cheffe\AppData\Local\Conduit
Ordner Gelöscht : G:\Users\Cheffe\AppData\LocalLow\Conduit
Ordner Gelöscht : G:\Users\Cheffe\AppData\LocalLow\PriceGong
Ordner Gelöscht : G:\Users\Cheffe\AppData\Roaming\PriceGong
Ordner Gelöscht : G:\Users\Werzl\AppData\LocalLow\Conduit
Ordner Gelöscht : G:\Users\Werzl\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3242337
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : G:\Users\Buero\AppData\Roaming\Mozilla\Firefox\Profiles\938svwi9.default\prefs.js

G:\Users\Buero\AppData\Roaming\Mozilla\Firefox\Profiles\938svwi9.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3");

Datei : G:\Users\Cheffe\AppData\Roaming\Mozilla\Firefox\Profiles\jsugl9ky.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Roaming\Mozilla\Firefox\Profiles\aji8m7y0.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Zaworski\AppData\Roaming\Mozilla\Firefox\Profiles\9o32dax9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : G:\Users\Buero\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3786 octets] - [08/07/2013 08:56:23]
AdwCleaner[R2].txt - [3905 octets] - [08/07/2013 08:59:30]
AdwCleaner[S1].txt - [334 octets] - [08/07/2013 08:58:58]
AdwCleaner[S2].txt - [3939 octets] - [08/07/2013 08:59:52]

########## EOF - \AdwCleaner[S2].txt - [3999 octets] ##########

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : G:\Users\Buero\AppData\Roaming\Mozilla\Firefox\Profiles\938svwi9.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Cheffe\AppData\Roaming\Mozilla\Firefox\Profiles\jsugl9ky.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Roaming\Mozilla\Firefox\Profiles\aji8m7y0.default\prefs.js

[OK] Die Datei ist sauber.

Datei : G:\Users\Zaworski\AppData\Roaming\Mozilla\Firefox\Profiles\9o32dax9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : G:\Users\Buero\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : G:\Users\Trommi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3786 octets] - [08/07/2013 08:56:23]
AdwCleaner[R2].txt - [3905 octets] - [08/07/2013 08:59:30]
AdwCleaner[S1].txt - [334 octets] - [08/07/2013 08:58:58]
AdwCleaner[S2].txt - [4066 octets] - [08/07/2013 08:59:52]
AdwCleaner[S3].txt - [1628 octets] - [08/07/2013 09:03:23]

########## EOF - \AdwCleaner[S3].txt - [1688 octets] ##########

That is all I have.

Roger that.

Last edited by Roger2013 (08.07.2013 at 09:17)
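
The AdwCleaner output pasted above is several reports back to back: "[Suche]" runs (the R1/R2 files) only scan, "[Löschen]" runs (S1 to S3) delete, and each report begins with its own "# AdwCleaner ... erstellt" header. When a user posts them out of order, the quickest way to see what actually happened is to split them by header and summarise each run. The script below is an added example, not part of the thread and not AdwCleaner's own code: it parses the concatenated reports, lists mode, time and item counts per run, pulls out the Firefox preferences that were flagged (here the Ask.com homepage and search engine hijack), and raises the ordering warnings a helper would raise. The sample is constructed from the entries in the reports above, with AdwCleaner's German labels as they appear there.

```python
import re
from datetime import datetime

# Constructed sample: two AdwCleaner v2 reports concatenated the way they were
# pasted above (one [Suche] scan, then one [Löschen] run). Paths, keys and
# preference lines are copied from the posted reports.
SAMPLE = r"""
# AdwCleaner v2.304 - Datei am 08/07/2013 um 08:56:23 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Option [Suche]

***** [Dateien / Ordner] *****

Ordner Gefunden : G:\Program Files\Conduit
Ordner Gefunden : G:\Users\Buero\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\Conduit

***** [Internet Browser] *****

Datei : G:\Users\Buero\AppData\Roaming\Mozilla\Firefox\Profiles\938svwi9.default\prefs.js

Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3");

########## EOF - \AdwCleaner[R1].txt - [3719 octets] ##########
# AdwCleaner v2.304 - Datei am 08/07/2013 um 08:59:52 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Option [Löschen]

***** [Dateien / Ordner] *****

Ordner Gelöscht : G:\Program Files\Conduit
Ordner Gelöscht : G:\Users\Buero\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Conduit

***** [Internet Browser] *****

Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3");

########## EOF - \AdwCleaner[S2].txt - [3999 octets] ##########
"""

HEADER_RE = re.compile(r"^# AdwCleaner v(\S+) - Datei am (\d\d/\d\d/\d{4}) um (\d\d:\d\d:\d\d) erstellt$")
MODE_RE = re.compile(r"^# Option \[(Suche|Löschen)\]$")
# "Ordner Gefunden : <path>", "Schlüssel Gelöscht : <key>", "Gefunden : user_pref(...)"
ITEM_RE = re.compile(r"^(?:(\S+) )?(Gefunden|Gelöscht) : (.+)$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)", "([^"]*)"\);$')
MODES = {"Suche": "scan", "Löschen": "delete"}
KINDS = {"ordner": "folder", "datei": "file", "schlüssel": "key"}


def parse_reports(text):
    """Split concatenated AdwCleaner output into one record per report header."""
    reports, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            cur = {"version": m.group(1),
                   "created": datetime.strptime(f"{m.group(2)} {m.group(3)}", "%d/%m/%Y %H:%M:%S"),
                   "mode": None, "found": [], "deleted": []}
            reports.append(cur)
            continue
        if cur is None:
            continue
        m = MODE_RE.match(line)
        if m:
            cur["mode"] = MODES[m.group(1)]
            continue
        m = ITEM_RE.match(line)
        if m:
            raw_kind = (m.group(1) or "pref").lower()
            kind = KINDS.get(raw_kind, raw_kind)
            bucket = "found" if m.group(2) == "Gefunden" else "deleted"
            cur[bucket].append((kind, m.group(3)))
    return reports


def run_summary(reports):
    """One tuple per run: (mode, HH:MM:SS, items found, items deleted)."""
    return [(r["mode"], r["created"].strftime("%H:%M:%S"), len(r["found"]), len(r["deleted"]))
            for r in reports]


def hijacked_prefs(reports):
    """Browser preferences AdwCleaner flagged, as {pref name: value}."""
    prefs = {}
    for r in reports:
        for kind, item in r["found"] + r["deleted"]:
            m = PREF_RE.match(item)
            if kind == "pref" and m:
                prefs[m.group(1)] = m.group(2)
    return prefs


def check_sequence(reports):
    """Warnings about the order of runs: a delete without a prior scan, a delete
    that removed nothing, and a scan that still finds items after a delete."""
    warnings, seen_scan, last_delete = [], False, None
    for r in reports:
        when = r["created"].strftime("%H:%M:%S")
        if r["mode"] == "scan":
            seen_scan = True
            if last_delete is not None and r["found"]:
                warnings.append(f"{when}: scan after delete run at {last_delete} still finds {len(r['found'])} items")
        elif r["mode"] == "delete":
            if not seen_scan:
                warnings.append(f"{when}: delete run without a preceding scan")
            if not r["deleted"]:
                warnings.append(f"{when}: delete run removed nothing")
            last_delete = when
    return warnings


if __name__ == "__main__":
    reports = parse_reports(SAMPLE)
    for row in run_summary(reports):
        print("run: mode=%s at %s found=%d deleted=%d" % row)
    print("flagged prefs:", hijacked_prefs(reports))
    print("warnings:", check_sequence(reports) or "none")
```

The same parser reads the real pasted logs unchanged; note that the S1 report above is only a header with an empty services section, so it shows up as a delete run that removed nothing, which is exactly the kind of oddity the ordering check is meant to surface.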

08.07.2013, 18:24   #6
t'john (Helper Team)

Of 3 steps, you ran the last one 3 times.

Why don't you stick to the instructions and their order?
http://www.trojaner-board.de/137561-...ml#post1102307

30.09.2013, 20:05   #7
t'john (Helper Team)

Missing feedback

Are there problems working through the instructions above?

To free up capacity for other people seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html

Note: the symptoms disappearing does not mean your computer is clean.

Regards, t'john
