
Pests of all kinds and how to fight them: Completely remove the GVU Trojan?


13.07.2013, 18:21   #1
Jawa
 
Completely remove the GVU Trojan?



Hello!

My operating system is: Windows 7 Home Premium Service Pack 1 (64 bits).

I apparently caught the GVU Trojan yesterday, since there are currently problems with G Data's support. I ran Malwarebytes there, but on restart this virus activated itself. Windows' automatic System Restore was, however, able to remove it after several attempts. Since some people here in the forum apparently had identical problems, I followed the measures without realizing beforehand that I had better not do that. I am attaching the logs.

My big problem is that as soon as I try to open a picture, the same message always appears there. I took a screenshot. There are also problems with the videos, because Windows Media Player, which worked flawlessly until now, can now supposedly not even play its own sample videos because of a wrong file format.

I hope there is a way to clean my PC without major data loss.
Thank you very much.

AdwCleaner
Code:
# AdwCleaner v2.305 - Datei am 13/07/2013 um 18:45:09 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : GEPC - FLORIAN
# Bootmodus : Normal
# Ausgefuhrt unter : C:\Users\GEPC\Downloads\adwcleaner.exe
# Option [Loschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Geloscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\foxydeal.sqlite
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\11-suche.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\Askcom.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\Babylon.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\claro.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\delta.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\icqplugin.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\icqplugin-1.xml
Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\SweetIm.xml
Ordner Geloscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Geloscht : C:\Program Files (x86)\Red Sky
Ordner Geloscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Geloscht : C:\Program Files (x86)\WinZip Registry Optimizer
Ordner Geloscht : C:\ProgramData\APN
Ordner Geloscht : C:\ProgramData\Ask
Ordner Geloscht : C:\ProgramData\Babylon
Ordner Geloscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Geloscht : C:\ProgramData\InstallMate
Ordner Geloscht : C:\ProgramData\SoftSafe
Ordner Geloscht : C:\ProgramData\Tarma Installer
Ordner Geloscht : C:\Users\GEPC\AppData\Local\DownloadGuide
Ordner Geloscht : C:\Users\GEPC\AppData\Local\DownTango
Ordner Geloscht : C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Ordner Geloscht : C:\Users\GEPC\AppData\Local\PutLockerDownloader
Ordner Geloscht : C:\Users\GEPC\AppData\Local\Temp\APN
Ordner Geloscht : C:\Users\GEPC\AppData\Local\Temp\OCS
Ordner Geloscht : C:\Users\GEPC\AppData\Local\Temp\Smartbar
Ordner Geloscht : C:\Users\GEPC\AppData\Local\Wajam
Ordner Geloscht : C:\Users\GEPC\AppData\LocalLow\PriceGong
Ordner Geloscht : C:\Users\GEPC\AppData\Roaming\Babylon
Ordner Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\jetpack
Ordner Geloscht : C:\Users\GEPC\AppData\Roaming\OCS
Ordner Geloscht : C:\Users\GEPC\AppData\Roaming\SendSpace

***** [Registrierungsdatenbank] *****

Schlussel Geloscht : HKCU\Software\1ClickDownload
Schlussel Geloscht : HKCU\Software\APN PIP
Schlussel Geloscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlussel Geloscht : HKCU\Software\AppDataLow\SProtector
Schlussel Geloscht : HKCU\Software\BabylonToolbar
Schlussel Geloscht : HKCU\Software\DataMngr
Schlussel Geloscht : HKCU\Software\DataMngr_Toolbar
Schlussel Geloscht : HKCU\Software\Iminent
Schlussel Geloscht : HKCU\Software\InstallCore
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKCU\Software\OCS
Schlussel Geloscht : HKCU\Software\Softonic
Schlussel Geloscht : HKCU\Software\systweak
Schlussel Geloscht : HKCU\Software\YahooPartnerToolbar
Schlussel Geloscht : HKCU\Software\5d68a8de56db914
Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlussel Geloscht : HKLM\Software\Babylon
Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlussel Geloscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlussel Geloscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlussel Geloscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlussel Geloscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKLM\Software\DataMngr
Schlussel Geloscht : HKLM\Software\ICQ\ICQToolbar
Schlussel Geloscht : HKLM\Software\Iminent
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlussel Geloscht : HKLM\Software\PIP
Schlussel Geloscht : HKLM\Software\SP Global
Schlussel Geloscht : HKLM\Software\SProtector
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\5d68a8de56db914
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlussel Geloscht : HKLM\SOFTWARE\Tarma Installer
Wert Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=TubeBoxYB&dpid=TubeBoxYB&co=DE&userid=85874185-a15e-4f13-a91c-7ab48e065e9e&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=119776&tt=220413_d9116&babsrc=HP_ss&mntrId=60DDC86000EE6D6D --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=TubeBoxYB&dpid=TubeBoxYB&co=DE&userid=85874185-a15e-4f13-a91c-7ab48e065e9e&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=TubeBoxYB&dpid=TubeBoxYB&co=DE&userid=85874185-a15e-4f13-a91c-7ab48e065e9e&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=TubeBoxYB&dpid=TubeBoxYB&co=DE&userid=85874185-a15e-4f13-a91c-7ab48e065e9e&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\prefs.js

C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\user.js ... Geloscht !

Geloscht : user_pref("aol_toolbar.default.homepage.check", false);
Geloscht : user_pref("aol_toolbar.default.search.check", false);
Geloscht : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117423&tt=5212_7&babsrc=[...]
Geloscht : user_pref("avg.install.userSPSettings", "Claro Search");
Geloscht : user_pref("browser.search.order.1", "Ask.com");
Geloscht : user_pref("extensions.5173fdb565d71.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Geloscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Geloscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Geloscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Geloscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=521[...]
Geloscht : user_pref("extensions.claro.admin", false);
Geloscht : user_pref("extensions.claro.aflt", "babsst");
Geloscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Geloscht : user_pref("extensions.claro.autoRvrt", "false");
Geloscht : user_pref("extensions.claro.dfltLng", "en");
Geloscht : user_pref("extensions.claro.excTlbr", false);
Geloscht : user_pref("extensions.claro.id", "60ddaaee000000000000c86000ee6d6d");
Geloscht : user_pref("extensions.claro.instlDay", "15705");
Geloscht : user_pref("extensions.claro.instlRef", "sst");
Geloscht : user_pref("extensions.claro.prdct", "claro");
Geloscht : user_pref("extensions.claro.prtnrId", "claro");
Geloscht : user_pref("extensions.claro.rvrt", "false");
Geloscht : user_pref("extensions.claro.tlbrId", "base");
Geloscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Geloscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Geloscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Geloscht : user_pref("extensions.claro_i.excTlbr", false);
Geloscht : user_pref("extensions.claro_i.newTab", false);
Geloscht : user_pref("extensions.claro_i.smplGrp", "none");
Geloscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.51:46:32");
Geloscht : user_pref("extensions.delta.admin", false);
Geloscht : user_pref("extensions.delta.aflt", "babsst");
Geloscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Geloscht : user_pref("extensions.delta.autoRvrt", "false");
Geloscht : user_pref("extensions.delta.dfltLng", "en");
Geloscht : user_pref("extensions.delta.excTlbr", false);
Geloscht : user_pref("extensions.delta.ffxUnstlRst", true);
Geloscht : user_pref("extensions.delta.id", "60ddaaee000000000000c86000ee6d6d");
Geloscht : user_pref("extensions.delta.instlDay", "15817");
Geloscht : user_pref("extensions.delta.instlRef", "sst");
Geloscht : user_pref("extensions.delta.newTab", false);
Geloscht : user_pref("extensions.delta.prdct", "delta");
Geloscht : user_pref("extensions.delta.prtnrId", "delta");
Geloscht : user_pref("extensions.delta.rvrt", "false");
Geloscht : user_pref("extensions.delta.smplGrp", "none");
Geloscht : user_pref("extensions.delta.tlbrId", "base");
Geloscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Geloscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Geloscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1621:17:29");
Geloscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Geloscht : user_pref("icqtoolbar.allowSendURL", false);
Geloscht : user_pref("icqtoolbar.engineVerified", false);
Geloscht : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Geloscht : user_pref("icqtoolbar.firstTbRun", false);
Geloscht : user_pref("icqtoolbar.geolastmodified", 1344531876);
Geloscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_def[...]
Geloscht : user_pref("icqtoolbar.history", "google-d");
Geloscht : user_pref("icqtoolbar.icqgeo", 49);
Geloscht : user_pref("icqtoolbar.installTime", "1344531876");
Geloscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Geloscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Geloscht : user_pref("icqtoolbar.numberOfSearches", 0);
Geloscht : user_pref("icqtoolbar.previousFFVersion", "14.0.1");
Geloscht : user_pref("icqtoolbar.showPc", false);
Geloscht : user_pref("icqtoolbar.skip_default_search", "no");
Geloscht : user_pref("icqtoolbar.suggestions", false);
Geloscht : user_pref("icqtoolbar.uninstStatSent", true);
Geloscht : user_pref("icqtoolbar.uniqueID", "134451518913445154291344531876772");
Geloscht : user_pref("icqtoolbar.usageStatstTimestamp", 1344531878);
Geloscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Geloscht : user_pref("icqtoolbar.xmlLanguage", "de");
Geloscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Geloscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Geloscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Geloscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Geloscht : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [27957 octets] - [13/07/2013 18:45:09]

########## EOF - C:\AdwCleaner[S1].txt - [28018 octets] ##########
         
Eset:
Code:
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Documents and Settings\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Documents and Settings\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	
C:\Documents and Settings\GEPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Documents and Settings\GEPC\AppData\Local\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	
C:\Documents and Settings\GEPC\AppData\Local\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Documents and Settings\GEPC\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	
C:\Documents and Settings\GEPC\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Documents and Settings\GEPC\Lokale Einstellungen\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	
C:\Documents and Settings\GEPC\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Dokumente und Einstellungen\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Dokumente und Einstellungen\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	
C:\Dokumente und Einstellungen\GEPC\AppData\Local\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Dokumente und Einstellungen\GEPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-6310633e	Java/Exploit.Agent.OSM trojan	
C:\Dokumente und Einstellungen\GEPC\Desktop\Minecraft Zeugs\Player API universal\MC 1.5.1 - Player API universal 1.5.zip	Win32/Filecoder.BH.Gen trojan	
C:\Dokumente und Einstellungen\GEPC\Desktop\Minecraft Zeugs\Render Player API\MC 1.5.1 - Render Player API 1.0.zip	Win32/Filecoder.BH.Gen trojan	
C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Player API universal 1.5.zip	Win32/Filecoder.BH.Gen trojan	
C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Render Player API 1.0.zip	Win32/Filecoder.BH.Gen trojan	
C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\instMods\minecraftforge-universal-1.5.1-7.7.2.682.zip	Win32/Filecoder.BH.Gen trojan	
C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\minecraft\lib\deobfuscation_data_1.5.1.zip	Win32/Filecoder.BH.Gen trojan	
C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	
C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	
C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Users\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Users\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	
C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	
C:\Users\GEPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Users\GEPC\AppData\Local\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	
C:\Users\GEPC\AppData\Local\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Users\GEPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-6310633e	Java/Exploit.Agent.OSM trojan	
C:\Users\GEPC\Desktop\Minecraft Zeugs\Player API universal\MC 1.5.1 - Player API universal 1.5.zip	Win32/Filecoder.BH.Gen trojan	
C:\Users\GEPC\Desktop\Minecraft Zeugs\Render Player API\MC 1.5.1 - Render Player API 1.0.zip	Win32/Filecoder.BH.Gen trojan	
C:\Users\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Player API universal 1.5.zip	Win32/Filecoder.BH.Gen trojan	
C:\Users\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Render Player API 1.0.zip	Win32/Filecoder.BH.Gen trojan	
C:\Users\GEPC\Desktop\MultiMC\instances\Aether\instMods\minecraftforge-universal-1.5.1-7.7.2.682.zip	Win32/Filecoder.BH.Gen trojan	
C:\Users\GEPC\Desktop\MultiMC\instances\Aether\minecraft\lib\deobfuscation_data_1.5.1.zip	Win32/Filecoder.BH.Gen trojan	
C:\Users\GEPC\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	
C:\Users\GEPC\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
C:\Users\GEPC\Lokale Einstellungen\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	
C:\Users\GEPC\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\sv-se.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\tr-tr.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\ua-ua.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\images_max.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\categories.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\day.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\describe.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\do.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\do2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\etc.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\etc2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\feel.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\feel2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\if+buts.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\if+buts2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\nature.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\new_.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\where.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\who.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\phone_login\content.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\profile_lightboxs\lightbox_data_1.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\random_service\random_service5_max.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\announcement\mobile.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\avatar\avatar1.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\babylon_feed\flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\coreg\flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\email_notifier_login\notifier_icons.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\email_notifier_service\images.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\facebook_connect\facebook.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\fb_login\fb_login.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ftue\ftue.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ftue\images.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\game_center\games_center.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq5_notification\flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_email_notifier_ex\flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_email_notifier_ex\images.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\avatars.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\theme.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_profile\icq7_flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_profile\theme.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_sounds\sounds.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_welcome\zones.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\import_contacts\icq7_flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\avatars.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\theme.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\mini_game_center\images.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\mini_game_center\mini_game_center.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\odd_cast_vhost\oddcast1.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\p7_billing\p7_billing.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\phone_login\phone_login_icon.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\phone_login\phone_login_images.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_forms\icq7_flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_forms\theme.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_lightboxs\icq_profile_lightbox.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_lightboxs\theme.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\pumk\images.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\pumk\pumk.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\rps\rps.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\slide-a-lama\slide-a-lama.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\sparkbee\PartyLands.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\url_opener\icq7_flower.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\warsheep\warsheep.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login\xmpp_login.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login_odk\xmpp_login.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login_vk\xmpp_login.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\zoopaloola\zoopaloola.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\bg-bg.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\content_max.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\cs-cz.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\de-at.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\de-de.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\en-us.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\es-es.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\fr-fr.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\he-il.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\it-it.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\pt-br.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ru-ru.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ru-ua.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\sk-sk.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\sv-se.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\tr-tr.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ua-ua.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\categories.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\day.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\describe.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\do.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\do2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\etc.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\etc2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\feel.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\feel2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\if_buts.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\if_buts2.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\images.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\nature.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\where.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\who.zip	Win32/Filecoder.BH.Gen trojan	
D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\zlango1.zip	Win32/Filecoder.BH.Gen trojan	
D:\JadMod Pokemon\gba_bios.zip	Win32/Filecoder.BH.Gen trojan	
D:\JadMod Pokemon\vba_deu_1.7.zip	Win32/Filecoder.BH.Gen trojan	
D:\JadMod Pokemon\VisualBoyAdvance-1.7.2.zip	Win32/Filecoder.BH.Gen trojan	
D:\JadMod Pokemon\neuer Ordner thehe\vbalink173.zip	Win32/Filecoder.BH.Gen trojan	
D:\Pokemon Smaragd\Pokemon - Smaragd-Edition.zip	Win32/Filecoder.BH.Gen trojan	
D:\Pokemon Smaragd\Pokemon Smaragd (D).zip	Win32/Filecoder.BH.Gen trojan	
D:\SlM 3.3\Morrigan\source\Slave-Morrigan\source.zip	Win32/Filecoder.BH.Gen trojan	
C:\Documents and Settings\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	cleaned by deleting - quarantined
C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js	Win32/Adware.MultiPlug.H application	cleaned by deleting - quarantined
C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe	multiple threats	cleaned by deleting - quarantined
C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Temp\NyQp+g6T.exe.part	a variant of Win32/Adware.iBryte.H application	cleaned by deleting - quarantined
C:\Documents and Settings\GEPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-6310633e	Java/Exploit.Agent.OSM trojan	cleaned by deleting - quarantined
C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\instMods\minecraftforge-universal-1.5.1-7.7.2.682.zip	Win32/Filecoder.BH.Gen trojan	cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-312593407-3926772087-1577777048-1000\$IMKESBC.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-312593407-3926772087-1577777048-1000\$RB3MBRH.rar	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-312593407-3926772087-1577777048-1000\$ROYQPG2.rar	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
C:\Documents and Settings\GEPC\Desktop\Minecraft Zeugs\Player API universal\MC 1.5.1 - Player API universal 1.5.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
C:\Documents and Settings\GEPC\Desktop\Minecraft Zeugs\Render Player API\MC 1.5.1 - Render Player API 1.0.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Player API universal 1.5.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Render Player API 1.0.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\minecraft\lib\deobfuscation_data_1.5.1.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\content_max.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\bg-bg.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\cs-cz.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\de-at.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\de-de.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\en-us.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\es-es.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\fr-fr.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\he-il.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\it-it.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\pt-br.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\ru-ru.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\ru-ua.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\sk-sk.zip	Win32/Filecoder.BH.Gen trojan	deleted - quarantined
         
Malwarebytes before the virus outbreak:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
GEPC :: FLORIAN [Administrator]

12.07.2013 19:21:50
mbam-log-2013-07-12 (19-21-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241394
Laufzeit: 5 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Users\GEPC\AppData\Local\Temp\bdkXZBHl.exe (Trojan.Ransom.RRE) -> 5108 -> Löschen bei Neustart.
C:\Users\GEPC\AppData\Roaming\Dirty\DirtyDecrypt.exe (Trojan.Ransom) -> 3272 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NCuJyHrh (Trojan.Ransom.RRE) -> Daten: C:\Users\GEPC\AppData\Local\SKIDROW\lVTmARrq.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DirtyDecrypt (Trojan.Ransom) -> Daten: "C:\Users\GEPC\AppData\Roaming\Dirty\DirtyDecrypt.exe" /hide -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\GEPC\AppData\Roaming\Dirty (Trojan.Ransom) -> Löschen bei Neustart.

Infizierte Dateien: 10
C:\Users\GEPC\AppData\Local\Temp\bdkXZBHl.exe (Trojan.Ransom.RRE) -> Löschen bei Neustart.
C:\Users\GEPC\AppData\Local\SKIDROW\lVTmARrq.exe (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\GEPC\AppData\Local\Temp\gyiEXI5k.zip.part (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-312593407-3926772087-1577777048-1000\$RMKESBC.zip (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FvxaQcTc.exe (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\GEPC\AppData\Local\Temp\is398349909\dp.exe (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\GEPC\AppData\Roaming\Dirty\alertwall.jpg (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\GEPC\AppData\Roaming\Dirty\DirtyDecrypt.exe (Trojan.Ransom) -> Löschen bei Neustart.
C:\Program Files (x86)\Dirty\DirtyDecrypt.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\GEPC\AppData\Local\Dirty\DirtyDecrypt.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Malwarebytes after the virus outbreak:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
GEPC :: FLORIAN [Administrator]

12.07.2013 21:02:55
mbam-log-2013-07-12 (21-02-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241298
Laufzeit: 3 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\GEPC\AppData\Roaming\Dirty (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\GEPC\AppData\Local\Temp\is398349909\dp.exe (PUP.DealPly) -> Keine Aktion durchgeführt.
C:\Users\GEPC\AppData\Roaming\Dirty\alertwall.jpg (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Junkware Removal Tool

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by GEPC on 13.07.2013 at 18:50:18,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1EBFF3E3-3DE5-43B2-9150-601B3E2E5CD7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\GEPC\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Successfully deleted: [File] C:\Users\GEPC\AppData\Roaming\mozilla\firefox\profiles\tdeajqej.default\invalidprefs.js
Emptied folder: C:\Users\GEPC\AppData\Roaming\mozilla\firefox\profiles\tdeajqej.default\minidumps [299 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 18:53:44,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Attached images
File type: png Screenshot vom Bild.PNG (41.7 KB, viewed 188 times)

Edited by Jawa (13.07.2013 at 19:10)

13.07.2013, 18:25   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

13.07.2013, 19:06   #3
Jawa
 



Many thanks in advance!


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by GEPC (administrator) on 13-07-2013 18:56:52
Running from C:\Users\GEPC\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\GEPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - "C:\Users\GEPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-07] (Spotify Ltd)
HKCU\...\Run: [Steam] - "D:\Steam\Steam.exe" -silent [x]
HKCU\...\Run: [AdobeBridge] -  [x]
MountPoints2: {482db970-e23d-11e1-83da-c86000ee6d6d} - F:\autorun.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 127.0.0.1 activation.cloud.techsmith.com

FireFox:
========
FF ProfilePath: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\webde-suche.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR Extension: (BRoawsoe2save) - C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1

==================== Services (Whitelisted) =================

S4 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
S4 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2556896 2013-04-24] (G Data Software AG)
S4 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-09] (DT Soft Ltd)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-04] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-04] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62368 2013-01-08] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-04] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-08-09] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-08-09] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-04] (G Data Software AG)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 18:56 - 2013-07-13 18:56 - 00000000 ____D C:\FRST
2013-07-13 18:55 - 2013-07-13 18:55 - 01777829 _____ (Farbar) C:\Users\GEPC\Downloads\FRST64.exe
2013-07-13 18:53 - 2013-07-13 18:53 - 00001724 _____ C:\Users\GEPC\Desktop\JRT.txt
2013-07-13 18:50 - 2013-07-13 18:50 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\GEPC\Downloads\JRT.exe
2013-07-13 18:50 - 2013-07-13 18:50 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:48 - 2013-07-13 18:48 - 00027930 _____ C:\Users\GEPC\Desktop\AdwCleaner[S1].txt
2013-07-13 18:45 - 2013-07-13 18:45 - 00027930 _____ C:\AdwCleaner[S1].txt
2013-07-13 18:44 - 2013-07-13 18:44 - 00662345 _____ C:\Users\GEPC\Downloads\adwcleaner.exe
2013-07-13 18:42 - 2013-07-13 18:42 - 00000869 _____ C:\Users\GEPC\Desktop\checkup.txt
2013-07-13 18:31 - 2013-07-13 18:31 - 00890988 _____ C:\Users\GEPC\Downloads\SecurityCheck.exe
2013-07-13 18:26 - 2013-07-13 18:26 - 00021557 _____ C:\Users\GEPC\Desktop\eset.txt
2013-07-13 03:22 - 2013-07-13 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 03:21 - 2013-07-13 03:21 - 02347384 _____ (ESET) C:\Users\GEPC\Downloads\esetsmartinstaller_enu.exe
2013-07-13 03:07 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:07 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:07 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:07 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 00:02 - 2013-07-13 00:02 - 00000201 _____ C:\Users\GEPC\Desktop\Borderlands 2.url
2013-07-12 20:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 20:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 20:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 20:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 20:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 20:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 20:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\QMCNjAnv
2013-07-12 12:15 - 2013-07-12 12:15 - 00000202 _____ C:\Users\GEPC\Desktop\Bastion.url
2013-07-11 22:47 - 2013-07-11 22:47 - 00000200 _____ C:\Users\GEPC\Desktop\Thief Deadly Shadows.url
2013-07-11 22:43 - 2013-07-11 22:43 - 00000202 _____ C:\Users\GEPC\Desktop\Thief 2.url
2013-07-11 22:24 - 2013-07-11 22:24 - 00000202 _____ C:\Users\GEPC\Desktop\Thief Gold.url
2013-07-11 01:42 - 2013-07-11 01:46 - 01933440 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.sfk
2013-07-11 01:40 - 2013-07-11 01:41 - 00003776 _____ C:\Users\GEPC\Desktop\Outro.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:41 - 01230496 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:39 - 247472172 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.wav
2013-07-10 03:36 - 2013-07-10 03:36 - 00303148 _____ C:\Users\GEPC\Desktop\Moofey singt.wav
2013-07-09 22:30 - 2013-07-09 22:32 - 29911045 _____ C:\Users\GEPC\Desktop\Borderlands_ Claptrap's New Revolution DLC - Mr. Blake & Marcus Cutscene Intros HD Gameplay PS3.mp4
2013-07-09 21:38 - 2013-07-09 21:39 - 04805561 _____ C:\Users\GEPC\Desktop\Borderlands Mr Blake Intro.mp4
2013-07-09 21:36 - 2013-07-09 21:40 - 44659881 _____ C:\Users\GEPC\Desktop\Borderlands Cluck-Trap (HD).mp4
2013-07-09 02:32 - 2013-07-09 02:32 - 00000664 _____ C:\Users\GEPC\Documents\Jawamann Deckliste.txt
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-07-07 12:26 - 2013-07-07 12:26 - 00000199 _____ C:\Users\GEPC\Desktop\Left 4 Dead 2.url
2013-07-04 17:29 - 2013-07-04 19:32 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Nico Mak Computing
2013-07-04 17:29 - 2013-07-04 17:32 - 44141605 _____ C:\Users\GEPC\Desktop\Der Weg neu).mp4
2013-07-04 16:39 - 2013-07-04 16:39 - 00000202 _____ C:\Users\GEPC\Desktop\Unepic.url
2013-07-04 15:51 - 2013-07-13 00:55 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-07-03 22:54 - 2013-07-03 22:54 - 00000192 _____ C:\Users\GEPC\Desktop\Baldur's Gate Enhanced Edition.url
2013-07-03 19:13 - 2013-07-03 22:12 - 00013495 _____ C:\Users\GEPC\Desktop\Intrp Skript.odt
2013-07-02 20:29 - 2013-07-02 20:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-01 13:00 - 2013-07-01 13:00 - 00000199 _____ C:\Users\GEPC\Desktop\Portal.url
2013-06-29 15:05 - 2013-07-03 20:33 - 00000000 ____D C:\Users\GEPC\Desktop\JaDMod Bilder
2013-06-29 12:33 - 2013-07-03 15:44 - 00000000 ____D C:\Users\GEPC\Desktop\Bilder
2013-06-27 21:17 - 2013-06-27 22:09 - 599795156 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4
2013-06-26 12:49 - 2013-06-27 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 12:42 - 2013-06-25 12:42 - 00020020 _____ C:\Users\GEPC\Desktop\Magicka Komplett.odt
2013-06-25 12:19 - 2013-07-09 02:25 - 00000000 ____D C:\Program Files (x86)\DevPro
2013-06-24 21:43 - 2013-06-24 21:43 - 00172032 _____ (Europress Software) C:\Windows\SysWOW64\cncs32.dll
2013-06-24 21:43 - 2013-06-24 21:43 - 00000018 _____ C:\Windows\gfact.ini
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Windows\technician
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
2013-06-24 01:17 - 2013-06-24 01:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 01:17 - 2013-06-24 01:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 23:50 - 2013-06-22 23:50 - 00000201 _____ C:\Users\GEPC\Desktop\Magicka.url
2013-06-22 01:30 - 2013-06-22 01:30 - 00000202 _____ C:\Users\GEPC\Desktop\Awesomenauts.url
2013-06-22 01:02 - 2013-06-22 01:02 - 00000202 _____ C:\Users\GEPC\Desktop\Ace of Spades.url
2013-06-15 01:06 - 2013-06-15 01:06 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\collection
2013-06-14 16:29 - 2013-06-14 16:29 - 00000202 _____ C:\Users\GEPC\Desktop\The Basement Collection.url
2013-06-13 01:42 - 2013-06-13 01:43 - 00023901 _____ C:\Users\GEPC\Desktop\Vorgeschichte Mest.odt

==================== One Month Modified Files and Folders =======

2013-07-13 18:56 - 2013-07-13 18:56 - 00000000 ____D C:\FRST
2013-07-13 18:55 - 2013-07-13 18:55 - 01777829 _____ (Farbar) C:\Users\GEPC\Downloads\FRST64.exe
2013-07-13 18:53 - 2013-07-13 18:53 - 00001724 _____ C:\Users\GEPC\Desktop\JRT.txt
2013-07-13 18:53 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 18:53 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 18:51 - 2012-12-13 12:46 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Skype
2013-07-13 18:50 - 2013-07-13 18:50 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\GEPC\Downloads\JRT.exe
2013-07-13 18:50 - 2013-07-13 18:50 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:49 - 2012-08-08 01:16 - 01770926 _____ C:\Windows\WindowsUpdate.log
2013-07-13 18:48 - 2013-07-13 18:48 - 00027930 _____ C:\Users\GEPC\Desktop\AdwCleaner[S1].txt
2013-07-13 18:46 - 2013-03-10 23:14 - 00000000 ____D C:\Users\GEPC\AppData\Local\LogMeIn Hamachi
2013-07-13 18:46 - 2012-08-08 08:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-13 18:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 18:46 - 2009-07-14 06:51 - 00129449 _____ C:\Windows\setupact.log
2013-07-13 18:45 - 2013-07-13 18:45 - 00027930 _____ C:\AdwCleaner[S1].txt
2013-07-13 18:44 - 2013-07-13 18:44 - 00662345 _____ C:\Users\GEPC\Downloads\adwcleaner.exe
2013-07-13 18:42 - 2013-07-13 18:42 - 00000869 _____ C:\Users\GEPC\Desktop\checkup.txt
2013-07-13 18:42 - 2012-11-12 11:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 18:31 - 2013-07-13 18:31 - 00890988 _____ C:\Users\GEPC\Downloads\SecurityCheck.exe
2013-07-13 18:26 - 2013-07-13 18:26 - 00021557 _____ C:\Users\GEPC\Desktop\eset.txt
2013-07-13 08:23 - 2012-12-13 19:44 - 00004070 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-07-13 08:23 - 2012-12-10 19:43 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater
2013-07-13 04:33 - 2009-07-14 06:45 - 04944432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 04:32 - 2012-11-15 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 04:32 - 2012-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 04:31 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 04:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 04:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:22 - 2013-07-13 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 03:21 - 2013-07-13 03:21 - 02347384 _____ (ESET) C:\Users\GEPC\Downloads\esetsmartinstaller_enu.exe
2013-07-13 03:11 - 2012-08-07 19:46 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 02:00 - 2012-08-20 14:05 - 00000000 ____D C:\Users\GEPC\AppData\Local\Adobe
2013-07-13 01:59 - 2010-11-21 05:47 - 00517400 _____ C:\Windows\PFRO.log
2013-07-13 01:20 - 2013-04-06 02:02 - 00000000 ____D C:\Users\GEPC\AppData\Local\Deployment
2013-07-13 00:55 - 2013-07-04 15:51 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-07-13 00:02 - 2013-07-13 00:02 - 00000201 _____ C:\Users\GEPC\Desktop\Borderlands 2.url
2013-07-13 00:02 - 2013-03-27 23:55 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-12 21:09 - 2013-04-06 02:03 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\MetroTwit
2013-07-12 21:09 - 2012-11-29 22:21 - 00000000 ____D C:\Users\GEPC\AppData\Local\TubeBox
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-12 20:19 - 2012-08-08 01:19 - 00000000 ____D C:\Users\GEPC
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\QMCNjAnv
2013-07-12 12:15 - 2013-07-12 12:15 - 00000202 _____ C:\Users\GEPC\Desktop\Bastion.url
2013-07-11 22:47 - 2013-07-11 22:47 - 00000200 _____ C:\Users\GEPC\Desktop\Thief Deadly Shadows.url
2013-07-11 22:43 - 2013-07-11 22:43 - 00000202 _____ C:\Users\GEPC\Desktop\Thief 2.url
2013-07-11 22:24 - 2013-07-11 22:24 - 00000202 _____ C:\Users\GEPC\Desktop\Thief Gold.url
2013-07-11 02:20 - 2012-09-01 08:31 - 00000000 ____D C:\Users\GEPC\Desktop\Sony Vegas Dateien (geschnitten)
2013-07-11 01:46 - 2013-07-11 01:42 - 01933440 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.sfk
2013-07-11 01:41 - 2013-07-11 01:40 - 00003776 _____ C:\Users\GEPC\Desktop\Outro.mp4.sfk
2013-07-11 01:41 - 2013-07-11 01:39 - 01230496 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:39 - 247472172 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.wav
2013-07-11 01:39 - 2012-08-12 22:28 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Audacity
2013-07-10 21:34 - 2012-12-13 12:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-10 21:34 - 2012-12-13 12:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-10 03:36 - 2013-07-10 03:36 - 00303148 _____ C:\Users\GEPC\Desktop\Moofey singt.wav
2013-07-09 23:30 - 2012-12-03 21:38 - 00000000 ____D C:\Users\GEPC\AppData\Local\CrashDumps
2013-07-09 22:32 - 2013-07-09 22:30 - 29911045 _____ C:\Users\GEPC\Desktop\Borderlands_ Claptrap's New Revolution DLC - Mr. Blake & Marcus Cutscene Intros HD Gameplay PS3.mp4
2013-07-09 21:40 - 2013-07-09 21:36 - 44659881 _____ C:\Users\GEPC\Desktop\Borderlands Cluck-Trap (HD).mp4
2013-07-09 21:39 - 2013-07-09 21:38 - 04805561 _____ C:\Users\GEPC\Desktop\Borderlands Mr Blake Intro.mp4
2013-07-09 13:19 - 2010-11-21 08:50 - 00689126 _____ C:\Windows\system32\perfh007.dat
2013-07-09 13:19 - 2010-11-21 08:50 - 00149098 _____ C:\Windows\system32\perfc007.dat
2013-07-09 13:19 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-09 02:32 - 2013-07-09 02:32 - 00000664 _____ C:\Users\GEPC\Documents\Jawamann Deckliste.txt
2013-07-09 02:25 - 2013-06-25 12:19 - 00000000 ____D C:\Program Files (x86)\DevPro
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-07-07 12:26 - 2013-07-07 12:26 - 00000199 _____ C:\Users\GEPC\Desktop\Left 4 Dead 2.url
2013-07-07 12:20 - 2013-02-08 23:20 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Left 4 Dead
2013-07-06 21:57 - 2012-11-26 19:29 - 00000000 ____D C:\Users\GEPC\AppData\Local\Paint.NET
2013-07-05 22:04 - 2012-08-07 19:39 - 00080912 _____ C:\Users\GEPC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 19:32 - 2013-07-04 17:29 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Nico Mak Computing
2013-07-04 17:32 - 2013-07-04 17:29 - 44141605 _____ C:\Users\GEPC\Desktop\Der Weg neu).mp4
2013-07-04 17:29 - 2013-01-03 03:21 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-07-04 17:29 - 2013-01-03 03:21 - 00001289 _____ C:\ProgramData\Desktop\YTD Video Downloader.lnk
2013-07-04 16:39 - 2013-07-04 16:39 - 00000202 _____ C:\Users\GEPC\Desktop\Unepic.url
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-07-04 15:12 - 2012-09-03 16:00 - 00018419 _____ C:\Users\GEPC\Desktop\LP.odt
2013-07-03 22:54 - 2013-07-03 22:54 - 00000192 _____ C:\Users\GEPC\Desktop\Baldur's Gate Enhanced Edition.url
2013-07-03 22:12 - 2013-07-03 19:13 - 00013495 _____ C:\Users\GEPC\Desktop\Intrp Skript.odt
2013-07-03 20:33 - 2013-06-29 15:05 - 00000000 ____D C:\Users\GEPC\Desktop\JaDMod Bilder
2013-07-03 15:44 - 2013-06-29 12:33 - 00000000 ____D C:\Users\GEPC\Desktop\Bilder
2013-07-02 20:29 - 2013-07-02 20:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-02 15:13 - 2012-09-17 18:21 - 00000000 ____D C:\Users\GEPC\Desktop\Youtube
2013-07-01 13:00 - 2013-07-01 13:00 - 00000199 _____ C:\Users\GEPC\Desktop\Portal.url
2013-06-27 22:09 - 2013-06-27 21:17 - 599795156 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4
2013-06-27 09:26 - 2012-08-30 07:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 00:33 - 2013-06-26 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 13:50 - 2012-08-09 21:16 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\.minecraft
2013-06-25 12:45 - 2012-08-09 14:19 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Adobe
2013-06-25 12:42 - 2013-06-25 12:42 - 00020020 _____ C:\Users\GEPC\Desktop\Magicka Komplett.odt
2013-06-24 21:43 - 2013-06-24 21:43 - 00172032 _____ (Europress Software) C:\Windows\SysWOW64\cncs32.dll
2013-06-24 21:43 - 2013-06-24 21:43 - 00000018 _____ C:\Windows\gfact.ini
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Windows\technician
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
2013-06-24 01:17 - 2013-06-24 01:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 01:17 - 2013-06-24 01:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 01:17 - 2013-03-23 21:47 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-24 01:17 - 2013-03-23 21:47 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 10:46 - 2012-08-21 02:16 - 00096193 _____ C:\Windows\DirectX.log
2013-06-22 23:50 - 2013-06-22 23:50 - 00000201 _____ C:\Users\GEPC\Desktop\Magicka.url
2013-06-22 01:30 - 2013-06-22 01:30 - 00000202 _____ C:\Users\GEPC\Desktop\Awesomenauts.url
2013-06-22 01:02 - 2013-06-22 01:02 - 00000202 _____ C:\Users\GEPC\Desktop\Ace of Spades.url
2013-06-18 13:01 - 2012-12-16 00:42 - 00001078 _____ C:\Users\GEPC\Desktop\League of Legends.lnk
2013-06-15 01:06 - 2013-06-15 01:06 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\collection
2013-06-14 16:29 - 2013-06-14 16:29 - 00000202 _____ C:\Users\GEPC\Desktop\The Basement Collection.url
2013-06-14 03:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 01:43 - 2013-06-13 01:42 - 00023901 _____ C:\Users\GEPC\Desktop\Vorgeschichte Mest.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 05:02

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2013 01
Ran by GEPC at 2013-07-13 18:57:44
Running from C:\Users\GEPC\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
«Sleeping Dogs - Limited Edition» (x32)
µTorrent (x32 Version: 3.2.0)
Ace of Spades (x32)
Adobe AIR (x32 Version: 3.5.0.600)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe FlashPlayer Update Installer 11.5.502.112 (x32 Version: 11.5.502.112)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Alan Wake (x32)
Alan Wake's American Nightmare (x32)
Audacity 2.0 (x32)
AudibleManager (x32 Version: 2004040942.48.56.38474994)
Awesomenauts (x32)
Baldur's Gate: Enhanced Edition (x32)
bl (x32 Version: 1.0.0)
Borderlands 2 (x32)
Camtasia Studio 8 (x32 Version: 8.0.1.903)
Command & Conquer 3 (x32 Version: 1.00.0000)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
DebugMode FrameServer (x32)
Don't Starve (x32)
Dxtory version 2.0.120 (x32 Version: 2.0.120)
ESET Online Scanner v3 (x32)
Fotogalerie (x32 Version: 16.4.3505.0912)
Fraps (remove only) (x32)
G Data AntiVirus 2013 (x32 Version: 23.0.0.0)
G DATA Logox4 Demo (x32)
G DATA Logox4 Speechengine (x32)
GameRanger (HKCU)
Gothic II (x32)
Heroes of Might and Magic® III (x32)
ICQ7M (x32 Version: 7.8)
Intel(R) Management Engine Components (x32 Version: 8.0.2.1410)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.0)
Kingdoms of Amalur Reckoning (x32)
King's Quest I: Quest for the Crown (4.1c) (x32 Version: 4.1)
Lagarith Lossless Codec (1.3.27) (x32)
Left 4 Dead (x32)
Left 4 Dead 2 (x32)
LG USB Modem driver (x32)
Lionheart: Legacy of the Crusader (TM) (x32)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Magicka (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MetroTwit (HKCU Version: 1.1.0.3076)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Neverwinter (x32)
NVIDIA 3D Vision Controller-Treiber 301.42 (Version: 301.42)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Open Broadcaster Software (x32)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Photo Gallery (x32 Version: 16.4.3505.0912)
Portal (x32)
Portal 2 (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.52.203.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
RGSS-RTP Standard (x32 Version: 1.04)
rosoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
RPG Maker 2003 (x32)
RPG Maker VX RTP (x32 Version: 1.02)
RTP 2003 (x32)
Skype™ 5.10 (x32 Version: 5.10.116)
Skype™ 6.6 (x32 Version: 6.6.106)
Spotify (HKCU Version: 0.9.0.133.gd18ed589)
Steam (x32 Version: 1.0.0.0)
Super Meat Boy (x32)
Team Fortress 2 (x32)
TeamSpeak 3 Client (Version: 3.0.9.2)
The Basement Collection (x32)
The Binding of Isaac (x32)
They Bleed Pixels (x32)
TubeBox (x32 Version: 4.2.0)
Ulead VideoStudio SE DVD (x32 Version: 10.0)
Unepic (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
USB2.0 ATV (x32)
Vegas Pro 10.0 (64-bit) (Version: 10.0.470)
VLC media player 2.0.2 (Version: 2.0.2)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Warframe (x32)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
XSplit (x32 Version: 1.1.1210.3101)
Yahoo! Detect (x32)
YGOPro DevPro version 1.8.6 (x32 Version: 1.8.6)
YTD Video Downloader 4.3 (x32 Version: 4.3)

==================== Restore Points  =========================

11-07-2013 01:00:18 Windows Update
12-07-2013 18:24:45 Windows Update
12-07-2013 23:57:18 Wiederherstellungsvorgang
13-07-2013 01:00:16 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-10-19 02:02 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.cloud.techsmith.com

==================== Scheduled Tasks (whitelisted) =============

Task: {08B14CA5-4209-42E6-B7FB-8E10B924B837} - System32\Tasks\{3858CB0A-0109-48C9-91F0-1BC02878EE16} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {1C0E8790-8B5E-48A1-8885-7F99C6D7FDF3} - System32\Tasks\{4A2D0F34-07C6-407D-AF20-CD65DCE8D657} => C:\ASSAULT.EXE No File
Task: {25B2FA2A-945B-4B9C-9DD0-0CC783FE43FB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {2873CED1-0C9C-443B-BAE6-FC2145162FED} - System32\Tasks\{68C82AF0-50B4-4099-B5ED-44EB3C91AC8B} => C:\REBEL2.EXE No File
Task: {2FC992C0-DDCD-4313-B2CA-50A9784D3C2A} - System32\Tasks\{25192C90-2004-4DFB-A70F-A1AA23DAE82E} => C:\ASSAULT.EXE No File
Task: {333C2A10-B34B-416D-911F-BE23F431F92D} - System32\Tasks\{160CDECD-FEA4-4C05-AA48-992CA62AEE8D} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {358A4D6C-B4DE-4B31-98BD-28833D27043E} - System32\Tasks\{026A41EB-6286-400E-B4F6-6893288D38E3} => C:\INSTALL.EXE No File
Task: {4230511B-7991-49BA-82A5-F21237507ED4} - System32\Tasks\{58A34A79-EBA8-422B-8D7D-B1900E082F56} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {448D0346-13DC-44C2-B336-AE3D5E933686} - System32\Tasks\{04C4AC63-47A5-4325-BC58-FD0F727057CF} => C:\Heroes3.exe No File
Task: {4B031564-3B24-4EF1-887D-162E354F331E} - System32\Tasks\{2F762F3E-38C1-47C3-80B5-C36F032C8C8F} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {4F749876-3598-4B93-A743-84754F79E6E6} - System32\Tasks\{D1D5586F-B309-4500-9538-8EA188234945} => C:\REBEL2.EXE No File
Task: {5DB22198-B1B6-4C84-BB62-603E53B45872} - System32\Tasks\{93342B00-BFCC-44AD-90AF-43CF3250B2DA} => C:\REBEL2.EXE No File
Task: {64286E54-B6D1-49C8-9540-4ADD82B1F246} - System32\Tasks\{0E785605-CA67-4728-BE1F-41A1A0E25BB8} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {675101E1-FE47-4BD5-88C7-5D92C7F66813} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {68C21718-F6CD-4C14-99ED-274D7B46A409} - System32\Tasks\{F987271F-C5D8-46CF-B48D-F962B3CA5AF4} => C:\MeGUI\MeGUI.exe No File
Task: {6BE8A728-8C95-4453-AA7C-487BFF79F353} - System32\Tasks\{5773440E-A93E-4A78-954A-CAE1EDCD4032} => C:\ASSAULT.EXE No File
Task: {6DBC3EDF-ABE3-4DB0-BC6C-97C15191EC6C} - System32\Tasks\{3098857C-5D98-493E-A24B-228A185DD01D} => C:\ASSAULT.EXE No File
Task: {8177DFED-2484-473E-B0B8-0575922F10BA} - System32\Tasks\{45AED7A6-E16E-4D02-BA4A-00E79D03FCD1} => C:\REBEL2.EXE No File
Task: {8D1E85D6-4A59-47B4-8F31-6CA05790E0EE} - System32\Tasks\{1D5D57CE-A7A8-4EBD-BA5B-554172D836F7} => C:\Heroes3.exe No File
Task: {9035D0B7-F6A5-4014-A717-6AB90E9480B8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {926FA5E9-88EA-4CB8-9DF5-5DA27C0760DD} - System32\Tasks\{BC6DDC96-441B-4EF9-B1AD-321B5C07B0BC} => C:\ASSAULT.EXE No File
Task: {956F2211-5595-4F19-B09B-3B0F4BE7C48C} - System32\Tasks\{F17A10A4-289A-4A22-B9AD-2F7924D2BBA5} => C:\Heroes3.exe No File
Task: {9841600C-F6E8-409C-926A-53E432C829C4} - System32\Tasks\{E70CC473-E8E3-428E-BB0F-7B1F24B0D3E3} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {98997EFE-1FFA-4581-9CD0-42928BD916A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {A207B8F9-20EC-4E47-AA3E-1D1719AAA77E} - System32\Tasks\{B461AFDA-6EE3-4333-903D-A81806354662} => C:\Heroes3.exe No File
Task: {A4543FEF-B4A0-4122-9C74-F48EA4B26227} - System32\Tasks\{8F84650A-371E-4A78-A9CD-55673BD89536} => C:\ASSAULT.EXE No File
Task: {A8D8E73A-24E2-4CA8-BAF4-DD388BB5EDA9} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-GEPC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {AABA51AD-4331-4115-9E58-35F30E3E00F0} - System32\Tasks\{5E8686AE-411F-4D2A-B770-DD442DB09B12} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {AB5C1FC5-8C88-4D7F-8249-41A9546FB199} - System32\Tasks\{DFFE7977-3A26-4589-8460-F0E70D18DB18} => C:\INSTALL.EXE No File
Task: {B1D0984C-3517-4192-9A2C-255CB5022BA1} - System32\Tasks\{CBBA8BB6-FA91-41B8-95B8-9C0DBAB654E9} => C:\REBEL2.EXE No File
Task: {B9313CBB-03CF-4D8D-97B5-ADB7496059C3} - System32\Tasks\{59B089F4-6266-4B88-871B-AE9FCD3C10F3} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-26] (Mozilla Corporation)
Task: {BB217CC5-9123-4EBB-AA7B-97466F35E601} - System32\Tasks\{3C8E9A30-26C4-4C0C-BBDF-0B8E6E0B8603} => C:\ASSAULT.EXE No File
Task: {CF281BD5-2D45-4AA8-A512-77871131FD28} - System32\Tasks\{EB81004B-7D84-44CB-BD62-0AC152CC27BD} => C:\REBEL2.EXE No File
Task: {D0BCFBCE-5632-4125-8416-E6BD0D0C9894} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe No File
Task: {D67A9D87-EFAC-4002-ABF0-0F2B55DBFB8C} - System32\Tasks\{C5B910D7-3787-4D3A-AF45-14DE732240E1} => C:\ASSAULT.EXE No File
Task: {E54296D0-099C-47B6-97CE-704FA68162D9} - System32\Tasks\{D27D8954-A9D2-4F48-A7F1-166378C9A07D} => C:\REBEL2.EXE No File
Task: {EB524187-DFDE-4D55-97D9-3AE7B50775CB} - System32\Tasks\{D56C4DD9-F484-44D7-8AE0-F717444461AE} => C:\REBEL2.EXE No File
Task: {F7E711F5-B53F-49D3-9709-35F74522A15B} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe No File
Task: {FB3851C4-7256-4E5D-A422-9076D8D98987} - System32\Tasks\{E1F5EA80-FF7D-4AE4-BFC4-59F40E43B7C8} => C:\INSTALL.EXE No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 8156.88 MB
Available physical RAM: 6482.29 MB
Total Pagefile: 16311.95 MB
Available Pagefile: 14564.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:247.82 GB) (Free:83.31 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:683.59 GB) (Free:174.95 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 201B4F36)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=248 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 13.07.2013, 19:19   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
127.0.0.1 activation.cloud.techsmith.com
What exactly was cracked with this?

You can forget about your pictures and videos; they are encrypted. There is no decryption tool for this.
Combofix should only be run if a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (Illegal operation attempted on a registry key that has been marked for deletion.)
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 13.07.2013, 20:02   #5
Jawa
 



Good question; unfortunately I am not the only one who uses the PC.

Encrypted in what way? Does that mean I can't get at them at all anymore?

While running ComboFix, this message appeared during the scan: "pev.3XE funktioniert nicht mehr" (pev.3XE has stopped working). After that, the only option left was to close the program. ComboFix still ran through to the end, in case that means anything.

Code:
ATTFilter
ComboFix 13-07-13.01 - GEPC 13.07.2013  20:33:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1031.18.8157.6584 [GMT 2:00]
Running from: c:\users\GEPC\Desktop\ComboFix.exe
AV: G Data AntiVirus 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BRoawsoe2save
c:\programdata\BRoawsoe2save\5173fdb565e4a.tlb
c:\programdata\BRoawsoe2save\settings.ini
c:\windows\IsUn0407.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-13 to 2013-07-13  )))))))))))))))))))))))))))))))
.
.
2013-07-13 18:56 . 2013-07-13 18:56	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-13 18:56 . 2013-07-13 18:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-13 16:58 . 2013-07-13 16:58	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D35EC8BE-E0D5-470C-AA7B-0FE935E27C6C}\offreg.dll
2013-07-13 16:56 . 2013-07-13 16:56	--------	d-----w-	C:\FRST
2013-07-13 16:50 . 2013-07-13 16:50	--------	d-----w-	c:\windows\ERUNT
2013-07-13 01:22 . 2013-07-13 01:22	--------	d-----w-	c:\program files (x86)\ESET
2013-07-13 01:07 . 2013-06-07 03:22	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-13 01:07 . 2013-06-07 02:37	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-07-13 01:07 . 2013-06-11 23:42	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-07-13 01:07 . 2013-06-11 23:25	701952	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2013-07-13 01:07 . 2013-06-11 23:25	526336	----a-w-	c:\windows\system32\ieui.dll
2013-07-13 01:07 . 2013-06-11 23:25	356864	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-07-12 18:26 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-12 18:26 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-12 18:26 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-12 18:26 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-12 18:26 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-12 18:26 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-12 18:26 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 18:26 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-12 18:26 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-12 18:26 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-12 18:26 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-12 18:25 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-12 18:25 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 18:25 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 18:25 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-12 18:25 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 18:25 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 18:25 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D35EC8BE-E0D5-470C-AA7B-0FE935E27C6C}\mpengine.dll
2013-07-12 18:24 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-12 18:24 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-12 17:15 . 2013-07-12 17:15	--------	d-----w-	c:\users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 17:15 . 2013-07-12 17:15	--------	d-----w-	c:\users\GEPC\AppData\Local\QMCNjAnv
2013-07-04 15:29 . 2013-07-04 17:32	--------	d-----w-	c:\users\GEPC\AppData\Roaming\Nico Mak Computing
2013-07-04 13:51 . 2013-07-12 22:55	--------	d-----w-	c:\users\GEPC\AppData\Roaming\vlc
2013-07-02 18:29 . 2013-07-02 18:29	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2013-06-25 10:19 . 2013-07-09 00:25	--------	d-----w-	c:\program files (x86)\DevPro
2013-06-24 19:43 . 2013-06-24 19:43	172032	----a-w-	c:\windows\SysWow64\cncs32.dll
2013-06-24 19:43 . 2013-06-24 19:43	--------	d-----w-	c:\windows\technician
2013-06-23 23:17 . 2013-06-23 23:17	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 23:17 . 2013-06-23 23:17	--------	d-----w-	c:\program files (x86)\Java
2013-06-14 23:06 . 2013-06-14 23:06	--------	d-----w-	c:\users\GEPC\AppData\Roaming\collection
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 01:11 . 2012-08-07 17:46	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-23 23:17 . 2013-03-23 19:47	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 23:17 . 2013-03-23 19:47	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-11 21:42 . 2012-08-09 12:19	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:42 . 2012-08-09 12:19	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-04 21:27 . 2012-08-08 06:50	65368	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2013-06-04 21:27 . 2012-08-08 06:50	64856	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2013-06-04 21:26 . 2012-08-08 06:50	60248	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2013-06-04 21:26 . 2012-08-08 06:50	130392	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2013-05-13 05:51 . 2013-06-12 09:54	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 09:54	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 09:54	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 09:54	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 09:54	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 09:54	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 09:54	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 09:54	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:54	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:54	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 09:54	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 09:54	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 09:54	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 08:22 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 09:54	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 09:54	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 09:54	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-04-17 07:02 . 2013-06-12 09:54	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24 . 2013-06-12 09:54	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Spotify Web Helper"="c:\users\GEPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-07 1105408]
"Steam"="d:\steam\Steam.exe" [2013-07-10 1672616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"G Data AntiVirus Tray"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2013-03-22 1444304]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys;c:\windows\SYSNATIVE\Drivers\StkCMini.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
R4 AVKWCtl;G Data Dateisystem Wachter;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [x]
R4 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 StkSSrv;Syntek AVStream USB2.0 ATV Service;c:\windows\System32\StkCSrv.exe;c:\windows\SYSNATIVE\StkCSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 21:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\icq 7.7\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - ExtSQL: 2013-06-30 13:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe FlashPlayer Update Installer 11.5.502.112 - c:\users\GEPC\AppData\Local\Temp\Uninstall.exe
AddRemove-Heroes of Might and MagicR III - c:\windows\IsUn0407.exe
AddRemove-{C2A64693-17AF-F72B-176C-235AE71E5FE5} - c:\progra~3\INSTAL~3\{C445E~1\Setup.exe
AddRemove-≪Sleeping Dogs - Limited Edition≫_is1 - d:\sleeping dogs - limited edition\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f6,28,5d,c4,b4,1d,58,e6,ce,f0,78,3d,a2,31,e1,c3,ee,0f,9b,6f,35,
   f2,95,38,a5,0a,0e,b8,cf,3c,28,b9,fe,ce,f0,36,35,d7,16,e8,c8,45,20,29,df,05,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f6,28,5d,c4,b4,1d,58,e6,ce,f0,78,3d,a2,31,e1,c3,ee,0f,9b,6f,35,
   f2,95,38,a5,0a,0e,b8,cf,3c,28,b9,fe,ce,f0,36,35,d7,16,e8,c8,45,20,29,df,05,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-13  20:58:16
ComboFix-quarantined-files.txt  2013-07-13 18:58
.
Pre-Run: 13 Verzeichnis(se), 89.344.167.936 Bytes frei
Post-Run: 18 Verzeichnis(se), 91.004.301.312 Bytes frei
.
- - End Of File - - FFC15E958CE36803CEB8651454DBCA7F
A36C5E4F47E84449FF07ED3517B43A31
         


13.07.2013, 21:03   #6
schrauber
/// the machine
/// TB instructor

Quote:
In what way encrypted? Does that mean I can't get at it at all anymore?
Not encrypted, cracked. When you use software that has to be paid for, the software "phones home", like E.T., and checks on the server whether your license is legal and paid for.

On this machine that request is redirected to localhost, so it always ends up at your own computer, which means the license check with the vendor is blocked.

In your case it is this program:

Camtasia Studio 8 (x32 Version: 8.0.1.903)

That is stolen and not paid for, illegal. Normally I would have to stop support here. But if you uninstall the program completely, we can continue.
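
The localhost redirect described in the post above can be checked for mechanically. The following is an added example, not part of the original thread and not code from any tool named in it: it assumes the redirect is done through the hosts file (the post does not name the mechanism), and every hostname in the sample is a constructed placeholder.

```python
"""Audit hosts-file text for names that are redirected to the local machine."""
import ipaddress
import sys

# Constructed sample, not taken from the thread's logs.
# All *.example hostnames are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       activation.vendor.example   # constructed entry
0.0.0.0         license.vendor.example updates.vendor.example
192.168.1.20    nas.home.example
   # 127.0.0.1  commented.out.example
not-an-ip       broken.line.example
"""

# Names that normally point at the loopback address.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every well-formed entry.

    Comments, blank lines and lines whose first field is not an IP
    address are skipped, which is also how the resolver treats them.
    """
    text = text.lstrip("\ufeff")  # editors sometimes save the file with a BOM
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield line_no, ip, [f.lower().rstrip(".") for f in fields[1:]]


def find_redirects(text, allow=BENIGN_NAMES):
    """Return (line_no, ip, name) for each name sent to loopback or 0.0.0.0.

    `allow` holds lower-case names that may legitimately resolve locally,
    for example the machine's own hostname.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name not in allow:
                findings.append((line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, ip, name in find_redirects(content):
        print(f"line {line_no}: {name} -> {ip}")
```

Run it with the path of the hosts file as the first argument (on Windows, C:\Windows\System32\drivers\etc\hosts). Entries placed there deliberately by ad blockers or security tools are listed as well and need a manual look.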

13.07.2013, 21:09   #7
Jawa

I didn't know that; it is deleted, and I'll pass this on right away so that something like this doesn't show up on my computer again. How can I show here that it is gone?

13.07.2013, 21:17   #8
schrauber
/// the machine
/// TB instructor

Quote:
How can I show here that it is gone?
I can see that in the logs. Besides, I'll trust your word for now.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.07.2013, 21:36   #9
Jawa

All right, here is AdwCleaner:

Code:
# AdwCleaner v2.305 - Datei am 13/07/2013 um 22:20:30 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : GEPC - FLORIAN
# Bootmodus : Normal
# Ausgefuhrt unter : C:\Users\GEPC\Desktop\adwcleaner.exe
# Option [Loschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Geloscht : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\foxydeal.sqlite
Ordner Geloscht : C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [27930 octets] - [13/07/2013 18:45:09]
AdwCleaner[S2].txt - [1184 octets] - [13/07/2013 22:20:30]

########## EOF - C:\AdwCleaner[S2].txt - [1244 octets] ##########
         
Junkware Removal Tool:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by GEPC on 13.07.2013 at 22:25:55,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 22:28:55,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
The fresh FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by GEPC (administrator) on 13-07-2013 22:32:00
Running from C:\Users\GEPC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\GEPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - "C:\Users\GEPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-07] (Spotify Ltd)
HKCU\...\Run: [Steam] - "D:\Steam\Steam.exe" -silent [x]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\webde-suche.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR Extension: (BRoawsoe2save) - C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1

==================== Services (Whitelisted) =================

S4 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
S4 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2556896 2013-04-24] (G Data Software AG)
S4 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-09] (DT Soft Ltd)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-04] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-04] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62368 2013-01-08] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-04] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-08-09] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-08-09] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-04] (G Data Software AG)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 22:28 - 2013-07-13 22:28 - 00000624 _____ C:\Users\GEPC\Desktop\JRT.txt
2013-07-13 22:22 - 2013-07-13 22:22 - 00001313 _____ C:\Users\GEPC\Desktop\AdwCleaner[S2].txt
2013-07-13 22:20 - 2013-07-13 22:20 - 00001313 _____ C:\AdwCleaner[S2].txt
2013-07-13 22:19 - 2013-07-13 22:19 - 00662345 _____ C:\Users\GEPC\Desktop\adwcleaner.exe
2013-07-13 20:58 - 2013-07-13 20:58 - 00021759 _____ C:\ComboFix.txt
2013-07-13 20:31 - 2013-07-13 20:58 - 00000000 ____D C:\Qoobox
2013-07-13 20:31 - 2013-07-13 20:57 - 00000000 ____D C:\Windows\erdnt
2013-07-13 20:31 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-13 20:31 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-13 20:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-13 20:28 - 2013-07-13 20:29 - 05088600 ____R (Swearware) C:\Users\GEPC\Desktop\ComboFix.exe
2013-07-13 19:19 - 2013-07-13 19:19 - 00006912 _____ C:\Users\GEPC\Desktop\Malwarebytes vor Ausbruch des Virus.txt
2013-07-13 19:19 - 2013-07-13 19:19 - 00002614 _____ C:\Users\GEPC\Desktop\Malwarebytes nach dem Virus.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00033389 _____ C:\Users\GEPC\Downloads\FRST.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00014757 _____ C:\Users\GEPC\Downloads\Addition.txt
2013-07-13 18:56 - 2013-07-13 18:56 - 00000000 ____D C:\FRST
2013-07-13 18:55 - 2013-07-13 18:55 - 01777829 _____ (Farbar) C:\Users\GEPC\Desktop\FRST64.exe
2013-07-13 18:50 - 2013-07-13 22:24 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\GEPC\Desktop\JRT.exe
2013-07-13 18:50 - 2013-07-13 18:50 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:45 - 2013-07-13 18:45 - 00027930 _____ C:\AdwCleaner[S1].txt
2013-07-13 18:42 - 2013-07-13 18:42 - 00000869 _____ C:\Users\GEPC\Desktop\checkup.txt
2013-07-13 18:31 - 2013-07-13 18:31 - 00890988 _____ C:\Users\GEPC\Downloads\SecurityCheck.exe
2013-07-13 18:26 - 2013-07-13 18:26 - 00021557 _____ C:\Users\GEPC\Desktop\eset.txt
2013-07-13 03:22 - 2013-07-13 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 03:21 - 2013-07-13 03:21 - 02347384 _____ (ESET) C:\Users\GEPC\Downloads\esetsmartinstaller_enu.exe
2013-07-13 03:07 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:07 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:07 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:07 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 00:02 - 2013-07-13 00:02 - 00000201 _____ C:\Users\GEPC\Desktop\Borderlands 2.url
2013-07-12 20:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 20:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 20:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 20:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 20:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 20:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 20:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\QMCNjAnv
2013-07-12 12:15 - 2013-07-12 12:15 - 00000202 _____ C:\Users\GEPC\Desktop\Bastion.url
2013-07-11 22:47 - 2013-07-11 22:47 - 00000200 _____ C:\Users\GEPC\Desktop\Thief Deadly Shadows.url
2013-07-11 22:43 - 2013-07-11 22:43 - 00000202 _____ C:\Users\GEPC\Desktop\Thief 2.url
2013-07-11 22:24 - 2013-07-11 22:24 - 00000202 _____ C:\Users\GEPC\Desktop\Thief Gold.url
2013-07-11 01:42 - 2013-07-11 01:46 - 01933440 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.sfk
2013-07-11 01:40 - 2013-07-11 01:41 - 00003776 _____ C:\Users\GEPC\Desktop\Outro.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:41 - 01230496 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:39 - 247472172 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.wav
2013-07-10 03:36 - 2013-07-10 03:36 - 00303148 _____ C:\Users\GEPC\Desktop\Moofey singt.wav
2013-07-09 22:30 - 2013-07-09 22:32 - 29911045 _____ C:\Users\GEPC\Desktop\Borderlands_ Claptrap's New Revolution DLC - Mr. Blake & Marcus Cutscene Intros HD Gameplay PS3.mp4
2013-07-09 21:38 - 2013-07-09 21:39 - 04805561 _____ C:\Users\GEPC\Desktop\Borderlands Mr Blake Intro.mp4
2013-07-09 21:36 - 2013-07-09 21:40 - 44659881 _____ C:\Users\GEPC\Desktop\Borderlands Cluck-Trap (HD).mp4
2013-07-09 02:32 - 2013-07-09 02:32 - 00000664 _____ C:\Users\GEPC\Documents\Jawamann Deckliste.txt
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-07-07 12:26 - 2013-07-07 12:26 - 00000199 _____ C:\Users\GEPC\Desktop\Left 4 Dead 2.url
2013-07-04 17:29 - 2013-07-04 19:32 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Nico Mak Computing
2013-07-04 17:29 - 2013-07-04 17:32 - 44141605 _____ C:\Users\GEPC\Desktop\Der Weg neu).mp4
2013-07-04 16:39 - 2013-07-04 16:39 - 00000202 _____ C:\Users\GEPC\Desktop\Unepic.url
2013-07-04 15:51 - 2013-07-13 00:55 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-07-03 22:54 - 2013-07-03 22:54 - 00000192 _____ C:\Users\GEPC\Desktop\Baldur's Gate Enhanced Edition.url
2013-07-03 19:13 - 2013-07-03 22:12 - 00013495 _____ C:\Users\GEPC\Desktop\Intrp Skript.odt
2013-07-02 20:29 - 2013-07-02 20:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-01 13:00 - 2013-07-01 13:00 - 00000199 _____ C:\Users\GEPC\Desktop\Portal.url
2013-06-29 15:05 - 2013-07-03 20:33 - 00000000 ____D C:\Users\GEPC\Desktop\JaDMod Bilder
2013-06-29 12:33 - 2013-07-03 15:44 - 00000000 ____D C:\Users\GEPC\Desktop\Bilder
2013-06-27 21:17 - 2013-06-27 22:09 - 599795156 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4
2013-06-26 12:49 - 2013-06-27 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 12:42 - 2013-06-25 12:42 - 00020020 _____ C:\Users\GEPC\Desktop\Magicka Komplett.odt
2013-06-25 12:19 - 2013-07-09 02:25 - 00000000 ____D C:\Program Files (x86)\DevPro
2013-06-24 21:43 - 2013-06-24 21:43 - 00172032 _____ (Europress Software) C:\Windows\SysWOW64\cncs32.dll
2013-06-24 21:43 - 2013-06-24 21:43 - 00000018 _____ C:\Windows\gfact.ini
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Windows\technician
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
2013-06-24 01:17 - 2013-06-24 01:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 01:17 - 2013-06-24 01:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 23:50 - 2013-06-22 23:50 - 00000201 _____ C:\Users\GEPC\Desktop\Magicka.url
2013-06-22 01:30 - 2013-06-22 01:30 - 00000202 _____ C:\Users\GEPC\Desktop\Awesomenauts.url
2013-06-22 01:02 - 2013-06-22 01:02 - 00000202 _____ C:\Users\GEPC\Desktop\Ace of Spades.url
2013-06-15 01:06 - 2013-06-15 01:06 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\collection
2013-06-14 16:29 - 2013-06-14 16:29 - 00000202 _____ C:\Users\GEPC\Desktop\The Basement Collection.url
2013-06-13 01:42 - 2013-06-13 01:43 - 00023901 _____ C:\Users\GEPC\Desktop\Vorgeschichte Mest.odt

==================== One Month Modified Files and Folders =======

2013-07-13 22:29 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 22:29 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 22:28 - 2013-07-13 22:28 - 00000624 _____ C:\Users\GEPC\Desktop\JRT.txt
2013-07-13 22:24 - 2013-07-13 18:50 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\GEPC\Desktop\JRT.exe
2013-07-13 22:23 - 2012-12-13 12:46 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Skype
2013-07-13 22:22 - 2013-07-13 22:22 - 00001313 _____ C:\Users\GEPC\Desktop\AdwCleaner[S2].txt
2013-07-13 22:22 - 2013-03-10 23:14 - 00000000 ____D C:\Users\GEPC\AppData\Local\LogMeIn Hamachi
2013-07-13 22:21 - 2012-08-08 08:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-13 22:21 - 2012-08-08 01:16 - 01791622 _____ C:\Windows\WindowsUpdate.log
2013-07-13 22:21 - 2010-11-21 05:47 - 00517952 _____ C:\Windows\PFRO.log
2013-07-13 22:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 22:21 - 2009-07-14 06:51 - 00129505 _____ C:\Windows\setupact.log
2013-07-13 22:20 - 2013-07-13 22:20 - 00001313 _____ C:\AdwCleaner[S2].txt
2013-07-13 22:19 - 2013-07-13 22:19 - 00662345 _____ C:\Users\GEPC\Desktop\adwcleaner.exe
2013-07-13 21:42 - 2012-11-12 11:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 20:59 - 2013-04-06 02:02 - 00000000 ____D C:\Users\GEPC\AppData\Local\Apps\2.0
2013-07-13 20:58 - 2013-07-13 20:58 - 00021759 _____ C:\ComboFix.txt
2013-07-13 20:58 - 2013-07-13 20:31 - 00000000 ____D C:\Qoobox
2013-07-13 20:58 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-13 20:57 - 2013-07-13 20:31 - 00000000 ____D C:\Windows\erdnt
2013-07-13 20:57 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-13 20:36 - 2012-12-03 21:38 - 00000000 ____D C:\Users\GEPC\AppData\Local\CrashDumps
2013-07-13 20:29 - 2013-07-13 20:28 - 05088600 ____R (Swearware) C:\Users\GEPC\Desktop\ComboFix.exe
2013-07-13 19:22 - 2013-04-06 02:02 - 00000000 ____D C:\Users\GEPC\AppData\Local\Deployment
2013-07-13 19:19 - 2013-07-13 19:19 - 00006912 _____ C:\Users\GEPC\Desktop\Malwarebytes vor Ausbruch des Virus.txt
2013-07-13 19:19 - 2013-07-13 19:19 - 00002614 _____ C:\Users\GEPC\Desktop\Malwarebytes nach dem Virus.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00033389 _____ C:\Users\GEPC\Downloads\FRST.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00014757 _____ C:\Users\GEPC\Downloads\Addition.txt
2013-07-13 18:56 - 2013-07-13 18:56 - 00000000 ____D C:\FRST
2013-07-13 18:55 - 2013-07-13 18:55 - 01777829 _____ (Farbar) C:\Users\GEPC\Desktop\FRST64.exe
2013-07-13 18:50 - 2013-07-13 18:50 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:45 - 2013-07-13 18:45 - 00027930 _____ C:\AdwCleaner[S1].txt
2013-07-13 18:42 - 2013-07-13 18:42 - 00000869 _____ C:\Users\GEPC\Desktop\checkup.txt
2013-07-13 18:31 - 2013-07-13 18:31 - 00890988 _____ C:\Users\GEPC\Downloads\SecurityCheck.exe
2013-07-13 18:26 - 2013-07-13 18:26 - 00021557 _____ C:\Users\GEPC\Desktop\eset.txt
2013-07-13 08:23 - 2012-12-13 19:44 - 00004070 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-07-13 08:23 - 2012-12-10 19:43 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater
2013-07-13 04:33 - 2009-07-14 06:45 - 04944432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 04:32 - 2012-11-15 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 04:32 - 2012-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 04:31 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 04:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 04:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:22 - 2013-07-13 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 03:21 - 2013-07-13 03:21 - 02347384 _____ (ESET) C:\Users\GEPC\Downloads\esetsmartinstaller_enu.exe
2013-07-13 03:11 - 2012-08-07 19:46 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 02:00 - 2012-08-20 14:05 - 00000000 ____D C:\Users\GEPC\AppData\Local\Adobe
2013-07-13 00:55 - 2013-07-04 15:51 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-07-13 00:02 - 2013-07-13 00:02 - 00000201 _____ C:\Users\GEPC\Desktop\Borderlands 2.url
2013-07-13 00:02 - 2013-03-27 23:55 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-12 21:09 - 2013-04-06 02:03 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\MetroTwit
2013-07-12 21:09 - 2012-11-29 22:21 - 00000000 ____D C:\Users\GEPC\AppData\Local\TubeBox
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-12 20:19 - 2012-08-08 01:19 - 00000000 ____D C:\Users\GEPC
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\QMCNjAnv
2013-07-12 12:15 - 2013-07-12 12:15 - 00000202 _____ C:\Users\GEPC\Desktop\Bastion.url
2013-07-11 22:47 - 2013-07-11 22:47 - 00000200 _____ C:\Users\GEPC\Desktop\Thief Deadly Shadows.url
2013-07-11 22:43 - 2013-07-11 22:43 - 00000202 _____ C:\Users\GEPC\Desktop\Thief 2.url
2013-07-11 22:24 - 2013-07-11 22:24 - 00000202 _____ C:\Users\GEPC\Desktop\Thief Gold.url
2013-07-11 02:20 - 2012-09-01 08:31 - 00000000 ____D C:\Users\GEPC\Desktop\Sony Vegas Dateien (geschnitten)
2013-07-11 01:46 - 2013-07-11 01:42 - 01933440 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.sfk
2013-07-11 01:41 - 2013-07-11 01:40 - 00003776 _____ C:\Users\GEPC\Desktop\Outro.mp4.sfk
2013-07-11 01:41 - 2013-07-11 01:39 - 01230496 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:39 - 247472172 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.wav
2013-07-11 01:39 - 2012-08-12 22:28 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Audacity
2013-07-10 21:34 - 2012-12-13 12:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-10 21:34 - 2012-12-13 12:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-10 03:36 - 2013-07-10 03:36 - 00303148 _____ C:\Users\GEPC\Desktop\Moofey singt.wav
2013-07-09 22:32 - 2013-07-09 22:30 - 29911045 _____ C:\Users\GEPC\Desktop\Borderlands_ Claptrap's New Revolution DLC - Mr. Blake & Marcus Cutscene Intros HD Gameplay PS3.mp4
2013-07-09 21:40 - 2013-07-09 21:36 - 44659881 _____ C:\Users\GEPC\Desktop\Borderlands Cluck-Trap (HD).mp4
2013-07-09 21:39 - 2013-07-09 21:38 - 04805561 _____ C:\Users\GEPC\Desktop\Borderlands Mr Blake Intro.mp4
2013-07-09 13:19 - 2010-11-21 08:50 - 00689126 _____ C:\Windows\system32\perfh007.dat
2013-07-09 13:19 - 2010-11-21 08:50 - 00149098 _____ C:\Windows\system32\perfc007.dat
2013-07-09 13:19 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-09 02:32 - 2013-07-09 02:32 - 00000664 _____ C:\Users\GEPC\Documents\Jawamann Deckliste.txt
2013-07-09 02:25 - 2013-06-25 12:19 - 00000000 ____D C:\Program Files (x86)\DevPro
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-07-07 12:26 - 2013-07-07 12:26 - 00000199 _____ C:\Users\GEPC\Desktop\Left 4 Dead 2.url
2013-07-07 12:20 - 2013-02-08 23:20 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Left 4 Dead
2013-07-06 21:57 - 2012-11-26 19:29 - 00000000 ____D C:\Users\GEPC\AppData\Local\Paint.NET
2013-07-05 22:04 - 2012-08-07 19:39 - 00080912 _____ C:\Users\GEPC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 19:32 - 2013-07-04 17:29 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Nico Mak Computing
2013-07-04 17:32 - 2013-07-04 17:29 - 44141605 _____ C:\Users\GEPC\Desktop\Der Weg neu).mp4
2013-07-04 17:29 - 2013-01-03 03:21 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-07-04 17:29 - 2013-01-03 03:21 - 00001289 _____ C:\ProgramData\Desktop\YTD Video Downloader.lnk
2013-07-04 16:39 - 2013-07-04 16:39 - 00000202 _____ C:\Users\GEPC\Desktop\Unepic.url
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-07-04 15:12 - 2012-09-03 16:00 - 00018419 _____ C:\Users\GEPC\Desktop\LP.odt
2013-07-03 22:54 - 2013-07-03 22:54 - 00000192 _____ C:\Users\GEPC\Desktop\Baldur's Gate Enhanced Edition.url
2013-07-03 22:12 - 2013-07-03 19:13 - 00013495 _____ C:\Users\GEPC\Desktop\Intrp Skript.odt
2013-07-03 20:33 - 2013-06-29 15:05 - 00000000 ____D C:\Users\GEPC\Desktop\JaDMod Bilder
2013-07-03 15:44 - 2013-06-29 12:33 - 00000000 ____D C:\Users\GEPC\Desktop\Bilder
2013-07-02 20:29 - 2013-07-02 20:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-02 15:13 - 2012-09-17 18:21 - 00000000 ____D C:\Users\GEPC\Desktop\Youtube
2013-07-01 13:00 - 2013-07-01 13:00 - 00000199 _____ C:\Users\GEPC\Desktop\Portal.url
2013-06-27 22:09 - 2013-06-27 21:17 - 599795156 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4
2013-06-27 09:26 - 2012-08-30 07:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 00:33 - 2013-06-26 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 13:50 - 2012-08-09 21:16 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\.minecraft
2013-06-25 12:45 - 2012-08-09 14:19 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Adobe
2013-06-25 12:42 - 2013-06-25 12:42 - 00020020 _____ C:\Users\GEPC\Desktop\Magicka Komplett.odt
2013-06-24 21:43 - 2013-06-24 21:43 - 00172032 _____ (Europress Software) C:\Windows\SysWOW64\cncs32.dll
2013-06-24 21:43 - 2013-06-24 21:43 - 00000018 _____ C:\Windows\gfact.ini
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Windows\technician
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
2013-06-24 01:17 - 2013-06-24 01:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 01:17 - 2013-06-24 01:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 01:17 - 2013-03-23 21:47 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-24 01:17 - 2013-03-23 21:47 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 10:46 - 2012-08-21 02:16 - 00096193 _____ C:\Windows\DirectX.log
2013-06-22 23:50 - 2013-06-22 23:50 - 00000201 _____ C:\Users\GEPC\Desktop\Magicka.url
2013-06-22 01:30 - 2013-06-22 01:30 - 00000202 _____ C:\Users\GEPC\Desktop\Awesomenauts.url
2013-06-22 01:02 - 2013-06-22 01:02 - 00000202 _____ C:\Users\GEPC\Desktop\Ace of Spades.url
2013-06-18 13:01 - 2012-12-16 00:42 - 00001078 _____ C:\Users\GEPC\Desktop\League of Legends.lnk
2013-06-15 01:06 - 2013-06-15 01:06 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\collection
2013-06-14 16:29 - 2013-06-14 16:29 - 00000202 _____ C:\Users\GEPC\Desktop\The Basement Collection.url
2013-06-14 03:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 01:43 - 2013-06-13 01:42 - 00023901 _____ C:\Users\GEPC\Desktop\Vorgeschichte Mest.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 05:02

==================== End Of Log ============================
         

14.07.2013, 12:31   #10
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

14.07.2013, 16:09   #11
Jawa
 



So here are all the logs first:

Eset (as far as I can tell, the one from last time is included as well):

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3b3ccc38c606934a87b33c050fed8e69
# engine=14379
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-13 04:23:45
# local_time=2013-07-13 06:23:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 10831 125362475 0 0
# scanned=860501
# found=188
# cleaned=28
# scan_time=10571
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Documents and Settings\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Temp\NyQp+g6T.exe.part"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Documents and Settings\GEPC\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Documents and Settings\GEPC\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\Documents and Settings\GEPC\Lokale Einstellungen\Temp\NyQp+g6T.exe.part"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Documents and Settings\GEPC\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Dokumente und Einstellungen\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Dokumente und Einstellungen\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Temp\NyQp+g6T.exe.part"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Temp\NyQp+g6T.exe.part"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=C5B65183EA7991E96E9C13BC494C256A5299879A ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OSM trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-6310633e"
sh=A4273B848216A1E974F2E9E37C5B0CEA72FABDE7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Desktop\Minecraft Zeugs\Player API universal\MC 1.5.1 - Player API universal 1.5.zip"
sh=9AE1BD4E87EB1E94F8D4B1EAC79CACB7664EF94A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Desktop\Minecraft Zeugs\Render Player API\MC 1.5.1 - Render Player API 1.0.zip"
sh=9545338D515BF24EE1E7035FC01524D4250A4AC2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Player API universal 1.5.zip"
sh=61E2D66DD62A92AC06E141786083F21D6413204D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Render Player API 1.0.zip"
sh=F11251EDB0CC73D4E48677E6F8D1241FF4847921 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\instMods\minecraftforge-universal-1.5.1-7.7.2.682.zip"
sh=A37ACCED239B7DB14D0278846BAA04032205F68A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Desktop\MultiMC\instances\Aether\minecraft\lib\deobfuscation_data_1.5.1.zip"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Temp\NyQp+g6T.exe.part"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Users\GEPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\Users\GEPC\AppData\Local\Temp\NyQp+g6T.exe.part"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Users\GEPC\AppData\Local\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=C5B65183EA7991E96E9C13BC494C256A5299879A ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OSM trojan" ac=I fn="C:\Users\GEPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-6310633e"
sh=A4273B848216A1E974F2E9E37C5B0CEA72FABDE7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\GEPC\Desktop\Minecraft Zeugs\Player API universal\MC 1.5.1 - Player API universal 1.5.zip"
sh=9AE1BD4E87EB1E94F8D4B1EAC79CACB7664EF94A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\GEPC\Desktop\Minecraft Zeugs\Render Player API\MC 1.5.1 - Render Player API 1.0.zip"
sh=9545338D515BF24EE1E7035FC01524D4250A4AC2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Player API universal 1.5.zip"
sh=61E2D66DD62A92AC06E141786083F21D6413204D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Render Player API 1.0.zip"
sh=F11251EDB0CC73D4E48677E6F8D1241FF4847921 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\GEPC\Desktop\MultiMC\instances\Aether\instMods\minecraftforge-universal-1.5.1-7.7.2.682.zip"
sh=A37ACCED239B7DB14D0278846BAA04032205F68A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\GEPC\Desktop\MultiMC\instances\Aether\minecraft\lib\deobfuscation_data_1.5.1.zip"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\GEPC\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Users\GEPC\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\Users\GEPC\Lokale Einstellungen\Temp\NyQp+g6T.exe.part"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats" ac=I fn="C:\Users\GEPC\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=BB2C2BD8F436B709BAC2C86466405F0416FFDB48 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\sv-se.zip"
sh=72C6B32BD0752C7CA89A985867BEA449EAE207EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\tr-tr.zip"
sh=519AC652C88E1B892BD785275F0D091F915C4EA6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\ua-ua.zip"
sh=CE4BD53477E9EF2F88008EE60B70FCF443916D37 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\images_max.zip"
sh=18955CA96C67FCF861637BBCD406BE27B9619F17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\categories.zip"
sh=5218F472AA8482DE73902596E452653DA0C4ADCE ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\day.zip"
sh=82C271D9C1EC37E4F1A184C83AFF8631B14B2CE8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\describe.zip"
sh=0AA8D5C34E376333631FC006155765029A4A06D3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\do.zip"
sh=CB004C5497174893FAF158ADBD780A52572DDD9C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\do2.zip"
sh=5038947461121EC0045AC5D3918C07CC74BEDAEB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\etc.zip"
sh=7A72E7C07CDD8F5F0AC014C0E855ACCFCF9505BD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\etc2.zip"
sh=9CD882EAE418756D4424741651E02BDD8BC06C91 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\feel.zip"
sh=5C551DCFEDF07C57670E5FEBEB57D8438ED4FA3F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\feel2.zip"
sh=3078EAF8B5A923B5D9A54ADA924E56271E1DAC82 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\if+buts.zip"
sh=2C8FC66D51D25270A10B459097C69AFB6D2AF3A8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\if+buts2.zip"
sh=DB9A07DAC5BAC8D6A589983E2CBB567C8274776A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\nature.zip"
sh=E18B1DF270838F58210C3B05414A42657B585B1C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\new_.zip"
sh=80D64668AE5DE785F88F7D035FDDAE5DA841B8FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\where.zip"
sh=132180E0D95DCC172BE741B74D62028EBCEF7EC2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\who.zip"
sh=054612E8BB87C9974764335C3CE721A57124E282 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\phone_login\content.zip"
sh=CC0DF73E8B9679A33D75E37CB77991A8FDEEC384 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\profile_lightboxs\lightbox_data_1.zip"
sh=4EE01A453E899177CE174781BBE265C4842ABD23 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\random_service\random_service5_max.zip"
sh=DBE1CC889B3ECDA4A13166BD0B3A90617D7E4700 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\announcement\mobile.zip"
sh=7EF0E7FAC539F7617C1708E7974421C4F92809C0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\avatar\avatar1.zip"
sh=5F766A32618A3B80EB90FC13F50CC72D02B797E4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\babylon_feed\flower.zip"
sh=6F7B371513571C730EC1F9CA99E1300C5CC7D758 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\coreg\flower.zip"
sh=A52407FA759ED2C53D840A6BCAE6B880C8767D54 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\email_notifier_login\notifier_icons.zip"
sh=6432E8DBC7CB9FA25DC5E008200B23A4CB63A709 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\email_notifier_service\images.zip"
sh=D217AD502DE4D77A7F5035C87425EAF9DFA04E2D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\facebook_connect\facebook.zip"
sh=9B8AB5C1327C68FCC5FD6F5E71B00765CEE9821C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\fb_login\fb_login.zip"
sh=C8C95711EBA3B31CE6645D49D037E9555018458C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ftue\ftue.zip"
sh=E1E4CBF28A801A15152B2C78A1318C28492E1138 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ftue\images.zip"
sh=1A5D766ECE3CE887BC3BE4D54CC0596CA5F5B0BF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\game_center\games_center.zip"
sh=A26BF964AD88E3A365C0B94F51E4E1D3D0CC8A5C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq5_notification\flower.zip"
sh=9DAB3ED804ACA4B5D4D3E2E66F1644BCB66D1757 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_email_notifier_ex\flower.zip"
sh=145CC8DDE330CEC8E3C42F53B132A202DCF5D4A1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_email_notifier_ex\images.zip"
sh=33D62640A364E8103560A223E59B76566ED7A87C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\avatars.zip"
sh=42884C28D697A5DA72EDD111847AB08B5EE30919 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\flower.zip"
sh=018413F8F281B6749FFE7D47B97359A96CEB2B40 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\theme.zip"
sh=D1993D814BA36B1A382C22FDF203E03664B7470E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_profile\icq7_flower.zip"
sh=50FF5FCB87254F62ADDAD89FC5E025173D03BAF1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_profile\theme.zip"
sh=B595C5135A2236246F51709499972EFAB581B4DA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_sounds\sounds.zip"
sh=96D5E91876EA556ED0353B0165FD41834717175C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_welcome\zones.zip"
sh=A4DCA1E70C77F1BC6DF3ABE012FE84D2BFBA5CC3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\import_contacts\icq7_flower.zip"
sh=0457FEC6414DCCC2BF7F0F5944426F4FE6ED2ED6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\avatars.zip"
sh=0134D7510A88889FF82E999BC25BC83CCCF92B26 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\flower.zip"
sh=E7603FFFB5164EEF461073B8F8E1CF682A68C210 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\theme.zip"
sh=CBA8C08CBE0275C02978481203A348B5E1C04A40 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\mini_game_center\images.zip"
sh=D7671936EDCC1514390538AC221CAC9F576A85C4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\mini_game_center\mini_game_center.zip"
sh=F356F0C71C97335B61322C9095515669836D3AC5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\odd_cast_vhost\oddcast1.zip"
sh=5B8AC5595222917AFE6C52BD5FB0E7B7F59D10D0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\p7_billing\p7_billing.zip"
sh=5788CC65ACB0EC8874FBD8C055E91E9647162DE3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\phone_login\phone_login_icon.zip"
sh=F31A0F20D93C4BB08ED97B60AB70E0B2B7F04949 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\phone_login\phone_login_images.zip"
sh=9DFC18ADC0DA10BC03FB362D41B9B55979042519 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_forms\icq7_flower.zip"
sh=65C04D451837D87FB44BA8927156BC2A970FE664 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_forms\theme.zip"
sh=7F6AD0A0F490B7D48D5C531274772099B5385997 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_lightboxs\icq_profile_lightbox.zip"
sh=C053BBA82E473A4D41A733650ACD4D691DF8248F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_lightboxs\theme.zip"
sh=F9947097AE2105916C7A41D088BC7CB1A66337DA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\pumk\images.zip"
sh=DC6D5611D29C585DA6BC9E88E86F501F1F25BA63 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\pumk\pumk.zip"
sh=60AB78913591BE358D3753E6BC6970A25B69CE5F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\rps\rps.zip"
sh=1AF7E29CCAB4AEEC7BAB6F9CEF800B2B88DCC36B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\slide-a-lama\slide-a-lama.zip"
sh=8F144B47063BA8F35A6E70DCA18C77B92022BFD0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\sparkbee\PartyLands.zip"
sh=9892E46D832606B7323D5707DD3257817112F0A6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\url_opener\icq7_flower.zip"
sh=CD5D83F46A158CC2195037C637F7242C9011EB33 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\warsheep\warsheep.zip"
sh=9AD9C2BC781D96CD60C31265027789864836939F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login\xmpp_login.zip"
sh=372504B7B7640EB9601ED104315BAB3BCFF3B906 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login_odk\xmpp_login.zip"
sh=2F8431FD53300B75C084FBA2CB88B0EF5C60CD6D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login_vk\xmpp_login.zip"
sh=CA2DD71D92E621F894274C794EE5E3FB995B0B62 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\zoopaloola\zoopaloola.zip"
sh=1F2F1D5A98987242618468D4E31D35AF5C908996 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\bg-bg.zip"
sh=7CF3A94DF35ED80AEA943427A27FA63C5F6CCB1A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\content_max.zip"
sh=85663A8E613D9C84E8453B6D2B22DD0BEC10E75B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\cs-cz.zip"
sh=74D56AAA9B4634CA4647539462B429A1E736A25D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\de-at.zip"
sh=2B9835C1FE8451B4B9F344FBCDBFE65E898F91F4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\de-de.zip"
sh=D3B87492C8EEEC4FD4F617EC850AB6180B743A14 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\en-us.zip"
sh=83D3C92F69634D75728AA5DF59A10DE6FCEF0A4D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\es-es.zip"
sh=22FD90469E98FE4103CF72A91C098ED9F3E44B8C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\fr-fr.zip"
sh=2FEADCB6BC75252ACA8F6412A91E20ED72EA123C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\he-il.zip"
sh=1C19EC4C1F021DFE69106122C876ED30C858C88C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\it-it.zip"
sh=3F53B5EB285A701F9DBEBDAE740E48051B658AED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\pt-br.zip"
sh=1E6832188A224BA056A21FFB19B505659B36A2B9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ru-ru.zip"
sh=FEF37C04F2306FD012C970F5BA9444E3B8F2E295 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ru-ua.zip"
sh=F59825C702E301F59A3E7D371A3077A2AA3B6E86 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\sk-sk.zip"
sh=F589996DE02FD4EEF11E7B5C4BFE26F5E695332C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\sv-se.zip"
sh=7142FA3BF5BABA186796757859C323EF971E07C4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\tr-tr.zip"
sh=3C07863BC4B2257F1A6D2271475AE68E0666FD8A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ua-ua.zip"
sh=15581CAC7F2C08A0C0A73E5B844910D27F7F13ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\categories.zip"
sh=852CC451E9E44C5850E715B053A8F040D0EB14A8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\day.zip"
sh=EC10AD6FCC1FA4882A47BDCE7338C30804EA23C9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\describe.zip"
sh=9C06B03D16AC2FD0F3E796148EABD6047EC6D2BF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\do.zip"
sh=8552C135279FB5FAE54197743D85355905EABDD0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\do2.zip"
sh=7DDB1D525F1B90EE0F80E52898CCC6FF1067EF26 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\etc.zip"
sh=00F29367F0EB11DAF2F46E010D104944826007ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\etc2.zip"
sh=74955D04D5E6A1A815A422E0C391B0026B3F56A1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\feel.zip"
sh=5A87E0B73ABABACEB363363F7BA85A13399215A4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\feel2.zip"
sh=DB48B1D87AD40E6243105AC74C6F8E76758A9A32 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\if_buts.zip"
sh=0C640EBF08C24AC25F791263261745617985A909 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\if_buts2.zip"
sh=70F1690DCF2E00E4D323BE3E2FF2A2FF09E07379 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\images.zip"
sh=515555F09FD57F9D173AF08B537810C04FC88B41 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\nature.zip"
sh=8284A648EB817D628CC956E28EF7E88DCD7EB927 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\where.zip"
sh=ABB938384DEDB82088BD11B823229A057DCD3F28 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\who.zip"
sh=62B9692D7C05B2CF087A22B7D191C86B91D625D4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\zlango1.zip"
sh=EA91D7DB06E071ACF48E2C4E5383C882A53A2AFD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\gba_bios.zip"
sh=17D19C0EF730F91FC59B5AB50F5BF2689A504C86 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\vba_deu_1.7.zip"
sh=3D1E4270F7D1BB4539D095A9BEDDF2C68F36AD97 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\VisualBoyAdvance-1.7.2.zip"
sh=D91ECEEA8840F4B9F88174FE2B5D17D624348507 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\neuer Ordner thehe\vbalink173.zip"
sh=31DADB39F392294AED1E646F2CB2C309AE1FA694 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Pokemon Smaragd\Pokemon - Smaragd-Edition.zip"
sh=0F284A8099E1D211FDF627763D53A16F4D1005EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Pokemon Smaragd\Pokemon Smaragd (D).zip"
sh=3709D8B71620ABDAC79BECCD8421CD943F3E6F5F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SlM 3.3\Morrigan\source\Slave-Morrigan\source.zip"
sh=02977075DF26D4226F38582BCE5AE3E3F125F28E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-312593407-3926772087-1577777048-1000\$IMKESBC.zip"
sh=EEEAC13868B431D51851C81D81F0EA1B0FCD59AD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-312593407-3926772087-1577777048-1000\$RB3MBRH.rar"
sh=96DB3B38E6EB13BD5EBC5AAD80DBC71A984FF9FA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-312593407-3926772087-1577777048-1000\$ROYQPG2.rar"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=EF7B656FCA59643387C28782F378E22FA1E9E540 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1\5173fdb565c156.63885085.js"
sh=11445FCF304B2043FF37461C4F34F492EE5BB19C ft=1 fh=21ba350e23674168 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRM4JVR4\yontoosetup[1].exe"
sh=1FD832CB6CCC3681772167AC982DF079B3EA184A ft=1 fh=51eb8b785eee4b7f vn="a variant of Win32/Adware.iBryte.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Temp\NyQp+g6T.exe.part"
sh=C5B65183EA7991E96E9C13BC494C256A5299879A ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OSM trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-6310633e"
sh=A4273B848216A1E974F2E9E37C5B0CEA72FABDE7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\Desktop\Minecraft Zeugs\Player API universal\MC 1.5.1 - Player API universal 1.5.zip"
sh=9AE1BD4E87EB1E94F8D4B1EAC79CACB7664EF94A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\Desktop\Minecraft Zeugs\Render Player API\MC 1.5.1 - Render Player API 1.0.zip"
sh=9545338D515BF24EE1E7035FC01524D4250A4AC2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Player API universal 1.5.zip"
sh=61E2D66DD62A92AC06E141786083F21D6413204D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\instMods\MC 1.5.1 - Render Player API 1.0.zip"
sh=F11251EDB0CC73D4E48677E6F8D1241FF4847921 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\instMods\minecraftforge-universal-1.5.1-7.7.2.682.zip"
sh=A37ACCED239B7DB14D0278846BAA04032205F68A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="C:\Documents and Settings\GEPC\Desktop\MultiMC\instances\Aether\minecraft\lib\deobfuscation_data_1.5.1.zip"
sh=3CDD925BCF092C589108718CE879661C4711EA74 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\content_max.zip"
sh=4232B49F1F68CE230317C0D92A53D380E54117C1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\bg-bg.zip"
sh=57CF019E0D3D757C93275B8D206E7B6E0336E29A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\cs-cz.zip"
sh=EA4389EC31C99985E4CC7965DD6F2B4ACB05800B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\de-at.zip"
sh=123E1BE761F2E17944EA9F1370D535FADDB145A4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\de-de.zip"
sh=14094D23946C485F3BD936B502000D7C459BC767 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\en-us.zip"
sh=FBDC2A331D0C24CE0AB05059FD690F87EC819386 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\es-es.zip"
sh=4DBDE3DF595B76955AAB9697084D60EF55DDDBA3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\fr-fr.zip"
sh=9A0DBE08DAFE5E519072EFE069259312BC83DC0D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\he-il.zip"
sh=EA4D4193E5A68A193DD80D6130D8C46D0B0A5927 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\it-it.zip"
sh=27EB1C9308306B07F979A92EE95739730555E958 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\pt-br.zip"
sh=D71F046F7038B7428D4672CC502A16EB9F90BA5E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\ru-ru.zip"
sh=17CD2E128686EA3950830C61418E69E6EB012BBF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\ru-ua.zip"
sh=F72409923DE39194951EAEBDDC595CD32A768910 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan (deleted - quarantined)" ac=C fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\sk-sk.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3b3ccc38c606934a87b33c050fed8e69
# engine=14391
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-14 02:49:38
# local_time=2013-07-14 04:49:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 78650 125443228 0 0
# scanned=604444
# found=132
# cleaned=0
# scan_time=7749
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Anwendungsdaten\Temp\QXdErNzc.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\AppData\Local\Temp\QXdErNzc.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\Lokale Einstellungen\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\Lokale Einstellungen\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Documents and Settings\GEPC\Lokale Einstellungen\Temp\QXdErNzc.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Anwendungsdaten\Temp\QXdErNzc.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\AppData\Local\Temp\QXdErNzc.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Dokumente und Einstellungen\GEPC\Lokale Einstellungen\Temp\QXdErNzc.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Users\GEPC\AppData\Local\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Users\GEPC\AppData\Local\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Users\GEPC\AppData\Local\Temp\QXdErNzc.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Users\GEPC\Lokale Einstellungen\Temp\A9sZlRkS.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Users\GEPC\Lokale Einstellungen\Temp\D68s4914.zip.part"
sh=B3FA0A9E026E8AD75F0732708DC8C8A92D8392E6 ft=0 fh=0000000000000000 vn="Win32/Injector.AJLS trojan" ac=I fn="C:\Users\GEPC\Lokale Einstellungen\Temp\QXdErNzc.zip.part"
sh=BB2C2BD8F436B709BAC2C86466405F0416FFDB48 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\sv-se.zip"
sh=72C6B32BD0752C7CA89A985867BEA449EAE207EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\tr-tr.zip"
sh=519AC652C88E1B892BD785275F0D091F915C4EA6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\content\data\ua-ua.zip"
sh=CE4BD53477E9EF2F88008EE60B70FCF443916D37 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\images_max.zip"
sh=18955CA96C67FCF861637BBCD406BE27B9619F17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\categories.zip"
sh=5218F472AA8482DE73902596E452653DA0C4ADCE ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\day.zip"
sh=82C271D9C1EC37E4F1A184C83AFF8631B14B2CE8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\describe.zip"
sh=0AA8D5C34E376333631FC006155765029A4A06D3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\do.zip"
sh=CB004C5497174893FAF158ADBD780A52572DDD9C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\do2.zip"
sh=5038947461121EC0045AC5D3918C07CC74BEDAEB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\etc.zip"
sh=7A72E7C07CDD8F5F0AC014C0E855ACCFCF9505BD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\etc2.zip"
sh=9CD882EAE418756D4424741651E02BDD8BC06C91 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\feel.zip"
sh=5C551DCFEDF07C57670E5FEBEB57D8438ED4FA3F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\feel2.zip"
sh=3078EAF8B5A923B5D9A54ADA924E56271E1DAC82 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\if+buts.zip"
sh=2C8FC66D51D25270A10B459097C69AFB6D2AF3A8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\if+buts2.zip"
sh=DB9A07DAC5BAC8D6A589983E2CBB567C8274776A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\nature.zip"
sh=E18B1DF270838F58210C3B05414A42657B585B1C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\new_.zip"
sh=80D64668AE5DE785F88F7D035FDDAE5DA841B8FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\where.zip"
sh=132180E0D95DCC172BE741B74D62028EBCEF7EC2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\packages\zlango7\theme\zlango_xtra_img\who.zip"
sh=054612E8BB87C9974764335C3CE721A57124E282 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\phone_login\content.zip"
sh=CC0DF73E8B9679A33D75E37CB77991A8FDEEC384 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\profile_lightboxs\lightbox_data_1.zip"
sh=4EE01A453E899177CE174781BBE265C4842ABD23 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\content\random_service\random_service5_max.zip"
sh=DBE1CC889B3ECDA4A13166BD0B3A90617D7E4700 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\announcement\mobile.zip"
sh=7EF0E7FAC539F7617C1708E7974421C4F92809C0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\avatar\avatar1.zip"
sh=5F766A32618A3B80EB90FC13F50CC72D02B797E4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\babylon_feed\flower.zip"
sh=6F7B371513571C730EC1F9CA99E1300C5CC7D758 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\coreg\flower.zip"
sh=A52407FA759ED2C53D840A6BCAE6B880C8767D54 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\email_notifier_login\notifier_icons.zip"
sh=6432E8DBC7CB9FA25DC5E008200B23A4CB63A709 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\email_notifier_service\images.zip"
sh=D217AD502DE4D77A7F5035C87425EAF9DFA04E2D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\facebook_connect\facebook.zip"
sh=9B8AB5C1327C68FCC5FD6F5E71B00765CEE9821C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\fb_login\fb_login.zip"
sh=C8C95711EBA3B31CE6645D49D037E9555018458C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ftue\ftue.zip"
sh=E1E4CBF28A801A15152B2C78A1318C28492E1138 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ftue\images.zip"
sh=1A5D766ECE3CE887BC3BE4D54CC0596CA5F5B0BF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\game_center\games_center.zip"
sh=A26BF964AD88E3A365C0B94F51E4E1D3D0CC8A5C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq5_notification\flower.zip"
sh=9DAB3ED804ACA4B5D4D3E2E66F1644BCB66D1757 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_email_notifier_ex\flower.zip"
sh=145CC8DDE330CEC8E3C42F53B132A202DCF5D4A1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_email_notifier_ex\images.zip"
sh=33D62640A364E8103560A223E59B76566ED7A87C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\avatars.zip"
sh=42884C28D697A5DA72EDD111847AB08B5EE30919 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\flower.zip"
sh=018413F8F281B6749FFE7D47B97359A96CEB2B40 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_ls_me\theme.zip"
sh=D1993D814BA36B1A382C22FDF203E03664B7470E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_profile\icq7_flower.zip"
sh=50FF5FCB87254F62ADDAD89FC5E025173D03BAF1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_profile\theme.zip"
sh=B595C5135A2236246F51709499972EFAB581B4DA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_sounds\sounds.zip"
sh=96D5E91876EA556ED0353B0165FD41834717175C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\icq_welcome\zones.zip"
sh=A4DCA1E70C77F1BC6DF3ABE012FE84D2BFBA5CC3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\import_contacts\icq7_flower.zip"
sh=0457FEC6414DCCC2BF7F0F5944426F4FE6ED2ED6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\avatars.zip"
sh=0134D7510A88889FF82E999BC25BC83CCCF92B26 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\flower.zip"
sh=E7603FFFB5164EEF461073B8F8E1CF682A68C210 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\ls_tab\theme.zip"
sh=CBA8C08CBE0275C02978481203A348B5E1C04A40 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\mini_game_center\images.zip"
sh=D7671936EDCC1514390538AC221CAC9F576A85C4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\mini_game_center\mini_game_center.zip"
sh=F356F0C71C97335B61322C9095515669836D3AC5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\odd_cast_vhost\oddcast1.zip"
sh=5B8AC5595222917AFE6C52BD5FB0E7B7F59D10D0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\p7_billing\p7_billing.zip"
sh=5788CC65ACB0EC8874FBD8C055E91E9647162DE3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\phone_login\phone_login_icon.zip"
sh=F31A0F20D93C4BB08ED97B60AB70E0B2B7F04949 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\phone_login\phone_login_images.zip"
sh=9DFC18ADC0DA10BC03FB362D41B9B55979042519 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_forms\icq7_flower.zip"
sh=65C04D451837D87FB44BA8927156BC2A970FE664 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_forms\theme.zip"
sh=7F6AD0A0F490B7D48D5C531274772099B5385997 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_lightboxs\icq_profile_lightbox.zip"
sh=C053BBA82E473A4D41A733650ACD4D691DF8248F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\profile_lightboxs\theme.zip"
sh=F9947097AE2105916C7A41D088BC7CB1A66337DA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\pumk\images.zip"
sh=DC6D5611D29C585DA6BC9E88E86F501F1F25BA63 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\pumk\pumk.zip"
sh=60AB78913591BE358D3753E6BC6970A25B69CE5F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\rps\rps.zip"
sh=1AF7E29CCAB4AEEC7BAB6F9CEF800B2B88DCC36B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\slide-a-lama\slide-a-lama.zip"
sh=8F144B47063BA8F35A6E70DCA18C77B92022BFD0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\sparkbee\PartyLands.zip"
sh=9892E46D832606B7323D5707DD3257817112F0A6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\url_opener\icq7_flower.zip"
sh=CD5D83F46A158CC2195037C637F7242C9011EB33 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\warsheep\warsheep.zip"
sh=9AD9C2BC781D96CD60C31265027789864836939F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login\xmpp_login.zip"
sh=372504B7B7640EB9601ED104315BAB3BCFF3B906 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login_odk\xmpp_login.zip"
sh=2F8431FD53300B75C084FBA2CB88B0EF5C60CD6D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\xmpp_login_vk\xmpp_login.zip"
sh=CA2DD71D92E621F894274C794EE5E3FB995B0B62 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\icq\theme\zoopaloola\zoopaloola.zip"
sh=1F2F1D5A98987242618468D4E31D35AF5C908996 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\bg-bg.zip"
sh=7CF3A94DF35ED80AEA943427A27FA63C5F6CCB1A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\content_max.zip"
sh=85663A8E613D9C84E8453B6D2B22DD0BEC10E75B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\cs-cz.zip"
sh=74D56AAA9B4634CA4647539462B429A1E736A25D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\de-at.zip"
sh=2B9835C1FE8451B4B9F344FBCDBFE65E898F91F4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\de-de.zip"
sh=D3B87492C8EEEC4FD4F617EC850AB6180B743A14 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\en-us.zip"
sh=83D3C92F69634D75728AA5DF59A10DE6FCEF0A4D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\es-es.zip"
sh=22FD90469E98FE4103CF72A91C098ED9F3E44B8C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\fr-fr.zip"
sh=2FEADCB6BC75252ACA8F6412A91E20ED72EA123C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\he-il.zip"
sh=1C19EC4C1F021DFE69106122C876ED30C858C88C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\it-it.zip"
sh=3F53B5EB285A701F9DBEBDAE740E48051B658AED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\pt-br.zip"
sh=1E6832188A224BA056A21FFB19B505659B36A2B9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ru-ru.zip"
sh=FEF37C04F2306FD012C970F5BA9444E3B8F2E295 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ru-ua.zip"
sh=F59825C702E301F59A3E7D371A3077A2AA3B6E86 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\sk-sk.zip"
sh=F589996DE02FD4EEF11E7B5C4BFE26F5E695332C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\sv-se.zip"
sh=7142FA3BF5BABA186796757859C323EF971E07C4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\tr-tr.zip"
sh=3C07863BC4B2257F1A6D2271475AE68E0666FD8A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\content\zlango_popup_xtra\ua-ua.zip"
sh=15581CAC7F2C08A0C0A73E5B844910D27F7F13ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\categories.zip"
sh=852CC451E9E44C5850E715B053A8F040D0EB14A8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\day.zip"
sh=EC10AD6FCC1FA4882A47BDCE7338C30804EA23C9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\describe.zip"
sh=9C06B03D16AC2FD0F3E796148EABD6047EC6D2BF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\do.zip"
sh=8552C135279FB5FAE54197743D85355905EABDD0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\do2.zip"
sh=7DDB1D525F1B90EE0F80E52898CCC6FF1067EF26 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\etc.zip"
sh=00F29367F0EB11DAF2F46E010D104944826007ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\etc2.zip"
sh=74955D04D5E6A1A815A422E0C391B0026B3F56A1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\feel.zip"
sh=5A87E0B73ABABACEB363363F7BA85A13399215A4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\feel2.zip"
sh=DB48B1D87AD40E6243105AC74C6F8E76758A9A32 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\if_buts.zip"
sh=0C640EBF08C24AC25F791263261745617985A909 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\if_buts2.zip"
sh=70F1690DCF2E00E4D323BE3E2FF2A2FF09E07379 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\images.zip"
sh=515555F09FD57F9D173AF08B537810C04FC88B41 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\nature.zip"
sh=8284A648EB817D628CC956E28EF7E88DCD7EB927 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\where.zip"
sh=ABB938384DEDB82088BD11B823229A057DCD3F28 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\who.zip"
sh=62B9692D7C05B2CF087A22B7D191C86B91D625D4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\ICQ 7.7\ICQ7M\Xtraz\zlango7\theme\zlango_popup_xtra\zlango1.zip"
sh=EA91D7DB06E071ACF48E2C4E5383C882A53A2AFD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\gba_bios.zip"
sh=17D19C0EF730F91FC59B5AB50F5BF2689A504C86 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\vba_deu_1.7.zip"
sh=3D1E4270F7D1BB4539D095A9BEDDF2C68F36AD97 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\VisualBoyAdvance-1.7.2.zip"
sh=D91ECEEA8840F4B9F88174FE2B5D17D624348507 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\JadMod Pokemon\neuer Ordner thehe\vbalink173.zip"
sh=31DADB39F392294AED1E646F2CB2C309AE1FA694 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Pokemon Smaragd\Pokemon - Smaragd-Edition.zip"
sh=0F284A8099E1D211FDF627763D53A16F4D1005EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Pokemon Smaragd\Pokemon Smaragd (D).zip"
sh=3709D8B71620ABDAC79BECCD8421CD943F3E6F5F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SlM 3.3\Morrigan\source\Slave-Morrigan\source.zip"
         
Security Check:

Code:
 Results of screen317's Security Check version 0.99.69  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
G Data AntiVirus 2013   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
````````Process Check: objlist.exe by Laurent````````  
 G Data AntiVirus AVK AVKService.exe 
 G Data AntiVirus AVKTray AVKTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
And once more, the fresh FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by GEPC (administrator) on 14-07-2013 17:03:37
Running from C:\Users\GEPC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\GEPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - "C:\Users\GEPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-07] (Spotify Ltd)
HKCU\...\Run: [Steam] - "D:\Steam\Steam.exe" -silent [x]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\searchplugins\webde-suche.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\GEPC\AppData\Roaming\Mozilla\Firefox\Profiles\tdeajqej.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR Extension: (BRoawsoe2save) - C:\Users\GEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnjboioidallfpohbmpbjhipjnlginf\1

==================== Services (Whitelisted) =================

S4 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
S4 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2556896 2013-04-24] (G Data Software AG)
S4 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-09] (DT Soft Ltd)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-04] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-04] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62368 2013-01-08] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-04] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-08-09] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-08-09] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-04] (G Data Software AG)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 17:02 - 2013-07-14 17:03 - 01777839 _____ (Farbar) C:\Users\GEPC\Desktop\FRST64.exe
2013-07-14 16:56 - 2013-07-14 16:56 - 00891022 _____ C:\Users\GEPC\Desktop\SecurityCheck(1).exe
2013-07-13 22:28 - 2013-07-13 22:28 - 00000624 _____ C:\Users\GEPC\Desktop\JRT.txt
2013-07-13 22:22 - 2013-07-13 22:22 - 00001313 _____ C:\Users\GEPC\Desktop\AdwCleaner[S2].txt
2013-07-13 22:20 - 2013-07-13 22:20 - 00001313 _____ C:\AdwCleaner[S2].txt
2013-07-13 22:19 - 2013-07-13 22:19 - 00662345 _____ C:\Users\GEPC\Desktop\adwcleaner.exe
2013-07-13 20:58 - 2013-07-13 20:58 - 00021759 _____ C:\ComboFix.txt
2013-07-13 20:31 - 2013-07-13 20:58 - 00000000 ____D C:\Qoobox
2013-07-13 20:31 - 2013-07-13 20:57 - 00000000 ____D C:\Windows\erdnt
2013-07-13 20:31 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-13 20:31 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-13 20:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-13 20:31 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-13 20:28 - 2013-07-13 20:29 - 05088600 ____R (Swearware) C:\Users\GEPC\Desktop\ComboFix.exe
2013-07-13 19:19 - 2013-07-13 19:19 - 00006912 _____ C:\Users\GEPC\Desktop\Malwarebytes vor Ausbruch des Virus.txt
2013-07-13 19:19 - 2013-07-13 19:19 - 00002614 _____ C:\Users\GEPC\Desktop\Malwarebytes nach dem Virus.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00033389 _____ C:\Users\GEPC\Downloads\FRST.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00014757 _____ C:\Users\GEPC\Downloads\Addition.txt
2013-07-13 18:56 - 2013-07-13 18:56 - 00000000 ____D C:\FRST
2013-07-13 18:50 - 2013-07-13 22:24 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\GEPC\Desktop\JRT.exe
2013-07-13 18:50 - 2013-07-13 18:50 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:45 - 2013-07-13 18:45 - 00027930 _____ C:\AdwCleaner[S1].txt
2013-07-13 18:42 - 2013-07-13 18:42 - 00000869 _____ C:\Users\GEPC\Desktop\checkup.txt
2013-07-13 18:31 - 2013-07-13 18:31 - 00890988 _____ C:\Users\GEPC\Downloads\SecurityCheck.exe
2013-07-13 18:26 - 2013-07-13 18:26 - 00021557 _____ C:\Users\GEPC\Desktop\eset.txt
2013-07-13 03:22 - 2013-07-13 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 03:21 - 2013-07-13 03:21 - 02347384 _____ (ESET) C:\Users\GEPC\Downloads\esetsmartinstaller_enu.exe
2013-07-13 03:07 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:07 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:07 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:07 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:06 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 00:02 - 2013-07-13 00:02 - 00000201 _____ C:\Users\GEPC\Desktop\Borderlands 2.url
2013-07-12 20:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 20:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 20:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 20:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 20:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 20:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 20:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\QMCNjAnv
2013-07-12 12:15 - 2013-07-12 12:15 - 00000202 _____ C:\Users\GEPC\Desktop\Bastion.url
2013-07-11 22:47 - 2013-07-11 22:47 - 00000200 _____ C:\Users\GEPC\Desktop\Thief Deadly Shadows.url
2013-07-11 22:43 - 2013-07-11 22:43 - 00000202 _____ C:\Users\GEPC\Desktop\Thief 2.url
2013-07-11 22:24 - 2013-07-11 22:24 - 00000202 _____ C:\Users\GEPC\Desktop\Thief Gold.url
2013-07-11 01:42 - 2013-07-11 01:46 - 01933440 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.sfk
2013-07-11 01:40 - 2013-07-11 01:41 - 00003776 _____ C:\Users\GEPC\Desktop\Outro.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:39 - 247472172 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.wav
2013-07-09 22:30 - 2013-07-09 22:32 - 29911045 _____ C:\Users\GEPC\Desktop\Borderlands_ Claptrap's New Revolution DLC - Mr. Blake & Marcus Cutscene Intros HD Gameplay PS3.mp4
2013-07-09 21:38 - 2013-07-09 21:39 - 04805561 _____ C:\Users\GEPC\Desktop\Borderlands Mr Blake Intro.mp4
2013-07-09 21:36 - 2013-07-09 21:40 - 44659881 _____ C:\Users\GEPC\Desktop\Borderlands Cluck-Trap (HD).mp4
2013-07-09 02:32 - 2013-07-09 02:32 - 00000664 _____ C:\Users\GEPC\Documents\Jawamann Deckliste.txt
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-07-07 12:26 - 2013-07-07 12:26 - 00000199 _____ C:\Users\GEPC\Desktop\Left 4 Dead 2.url
2013-07-04 17:29 - 2013-07-04 19:32 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Nico Mak Computing
2013-07-04 17:29 - 2013-07-04 17:32 - 44141605 _____ C:\Users\GEPC\Desktop\Der Weg neu).mp4
2013-07-04 16:39 - 2013-07-04 16:39 - 00000202 _____ C:\Users\GEPC\Desktop\Unepic.url
2013-07-04 15:51 - 2013-07-14 01:49 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-07-03 22:54 - 2013-07-03 22:54 - 00000192 _____ C:\Users\GEPC\Desktop\Baldur's Gate Enhanced Edition.url
2013-07-03 19:13 - 2013-07-03 22:12 - 00013495 _____ C:\Users\GEPC\Desktop\Intrp Skript.odt
2013-07-02 20:29 - 2013-07-02 20:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-01 13:00 - 2013-07-01 13:00 - 00000199 _____ C:\Users\GEPC\Desktop\Portal.url
2013-06-29 15:05 - 2013-07-03 20:33 - 00000000 ____D C:\Users\GEPC\Desktop\JaDMod Bilder
2013-06-29 12:33 - 2013-07-03 15:44 - 00000000 ____D C:\Users\GEPC\Desktop\Bilder
2013-06-27 21:17 - 2013-06-27 22:09 - 599795156 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4
2013-06-26 12:49 - 2013-06-27 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 12:42 - 2013-06-25 12:42 - 00020020 _____ C:\Users\GEPC\Desktop\Magicka Komplett.odt
2013-06-25 12:19 - 2013-07-09 02:25 - 00000000 ____D C:\Program Files (x86)\DevPro
2013-06-24 21:43 - 2013-06-24 21:43 - 00172032 _____ (Europress Software) C:\Windows\SysWOW64\cncs32.dll
2013-06-24 21:43 - 2013-06-24 21:43 - 00000018 _____ C:\Windows\gfact.ini
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Windows\technician
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
2013-06-24 01:17 - 2013-06-24 01:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 01:17 - 2013-06-24 01:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 23:50 - 2013-06-22 23:50 - 00000201 _____ C:\Users\GEPC\Desktop\Magicka.url
2013-06-22 01:30 - 2013-06-22 01:30 - 00000202 _____ C:\Users\GEPC\Desktop\Awesomenauts.url
2013-06-22 01:02 - 2013-06-22 01:02 - 00000202 _____ C:\Users\GEPC\Desktop\Ace of Spades.url
2013-06-15 01:06 - 2013-06-15 01:06 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\collection
2013-06-14 16:29 - 2013-06-14 16:29 - 00000202 _____ C:\Users\GEPC\Desktop\The Basement Collection.url

==================== One Month Modified Files and Folders =======

2013-07-14 17:03 - 2013-07-14 17:02 - 01777839 _____ (Farbar) C:\Users\GEPC\Desktop\FRST64.exe
2013-07-14 16:56 - 2013-07-14 16:56 - 00891022 _____ C:\Users\GEPC\Desktop\SecurityCheck(1).exe
2013-07-14 16:42 - 2012-11-12 11:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 16:08 - 2012-08-08 01:16 - 01828556 _____ C:\Windows\WindowsUpdate.log
2013-07-14 14:39 - 2013-03-10 23:14 - 00000000 ____D C:\Users\GEPC\AppData\Local\LogMeIn Hamachi
2013-07-14 14:39 - 2012-12-13 12:46 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Skype
2013-07-14 12:34 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 12:34 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 12:32 - 2010-11-21 08:50 - 00689126 _____ C:\Windows\system32\perfh007.dat
2013-07-14 12:32 - 2010-11-21 08:50 - 00149098 _____ C:\Windows\system32\perfc007.dat
2013-07-14 12:32 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-14 12:29 - 2009-07-14 06:51 - 00129729 _____ C:\Windows\setupact.log
2013-07-14 12:27 - 2012-08-08 08:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-14 12:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 03:15 - 2012-08-09 19:56 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Spotify
2013-07-14 02:00 - 2012-08-20 14:05 - 00000000 ____D C:\Users\GEPC\AppData\Local\Adobe
2013-07-14 01:49 - 2013-07-04 15:51 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-07-14 01:30 - 2013-04-06 02:02 - 00000000 ____D C:\Users\GEPC\AppData\Local\Deployment
2013-07-14 01:25 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 22:28 - 2013-07-13 22:28 - 00000624 _____ C:\Users\GEPC\Desktop\JRT.txt
2013-07-13 22:24 - 2013-07-13 18:50 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\GEPC\Desktop\JRT.exe
2013-07-13 22:22 - 2013-07-13 22:22 - 00001313 _____ C:\Users\GEPC\Desktop\AdwCleaner[S2].txt
2013-07-13 22:21 - 2010-11-21 05:47 - 00517952 _____ C:\Windows\PFRO.log
2013-07-13 22:20 - 2013-07-13 22:20 - 00001313 _____ C:\AdwCleaner[S2].txt
2013-07-13 22:19 - 2013-07-13 22:19 - 00662345 _____ C:\Users\GEPC\Desktop\adwcleaner.exe
2013-07-13 20:59 - 2013-04-06 02:02 - 00000000 ____D C:\Users\GEPC\AppData\Local\Apps\2.0
2013-07-13 20:58 - 2013-07-13 20:58 - 00021759 _____ C:\ComboFix.txt
2013-07-13 20:58 - 2013-07-13 20:31 - 00000000 ____D C:\Qoobox
2013-07-13 20:58 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-13 20:57 - 2013-07-13 20:31 - 00000000 ____D C:\Windows\erdnt
2013-07-13 20:57 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-13 20:36 - 2012-12-03 21:38 - 00000000 ____D C:\Users\GEPC\AppData\Local\CrashDumps
2013-07-13 20:29 - 2013-07-13 20:28 - 05088600 ____R (Swearware) C:\Users\GEPC\Desktop\ComboFix.exe
2013-07-13 19:19 - 2013-07-13 19:19 - 00006912 _____ C:\Users\GEPC\Desktop\Malwarebytes vor Ausbruch des Virus.txt
2013-07-13 19:19 - 2013-07-13 19:19 - 00002614 _____ C:\Users\GEPC\Desktop\Malwarebytes nach dem Virus.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00033389 _____ C:\Users\GEPC\Downloads\FRST.txt
2013-07-13 18:57 - 2013-07-13 18:57 - 00014757 _____ C:\Users\GEPC\Downloads\Addition.txt
2013-07-13 18:56 - 2013-07-13 18:56 - 00000000 ____D C:\FRST
2013-07-13 18:50 - 2013-07-13 18:50 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:45 - 2013-07-13 18:45 - 00027930 _____ C:\AdwCleaner[S1].txt
2013-07-13 18:42 - 2013-07-13 18:42 - 00000869 _____ C:\Users\GEPC\Desktop\checkup.txt
2013-07-13 18:31 - 2013-07-13 18:31 - 00890988 _____ C:\Users\GEPC\Downloads\SecurityCheck.exe
2013-07-13 18:26 - 2013-07-13 18:26 - 00021557 _____ C:\Users\GEPC\Desktop\eset.txt
2013-07-13 08:23 - 2012-12-13 19:44 - 00004070 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-07-13 08:23 - 2012-12-10 19:43 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater
2013-07-13 04:33 - 2009-07-14 06:45 - 04944432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 04:32 - 2012-11-15 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 04:32 - 2012-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 04:31 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 04:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 04:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:22 - 2013-07-13 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 03:21 - 2013-07-13 03:21 - 02347384 _____ (ESET) C:\Users\GEPC\Downloads\esetsmartinstaller_enu.exe
2013-07-13 03:11 - 2012-08-07 19:46 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 00:02 - 2013-07-13 00:02 - 00000201 _____ C:\Users\GEPC\Desktop\Borderlands 2.url
2013-07-13 00:02 - 2013-03-27 23:55 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-12 21:09 - 2013-04-06 02:03 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\MetroTwit
2013-07-12 21:09 - 2012-11-29 22:21 - 00000000 ____D C:\Users\GEPC\AppData\Local\TubeBox
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-12 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-12 20:19 - 2012-08-08 01:19 - 00000000 ____D C:\Users\GEPC
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\QMCNjAnv
2013-07-12 12:15 - 2013-07-12 12:15 - 00000202 _____ C:\Users\GEPC\Desktop\Bastion.url
2013-07-11 22:47 - 2013-07-11 22:47 - 00000200 _____ C:\Users\GEPC\Desktop\Thief Deadly Shadows.url
2013-07-11 22:43 - 2013-07-11 22:43 - 00000202 _____ C:\Users\GEPC\Desktop\Thief 2.url
2013-07-11 22:24 - 2013-07-11 22:24 - 00000202 _____ C:\Users\GEPC\Desktop\Thief Gold.url
2013-07-11 02:20 - 2012-09-01 08:31 - 00000000 ____D C:\Users\GEPC\Desktop\Sony Vegas Dateien (geschnitten)
2013-07-11 01:46 - 2013-07-11 01:42 - 01933440 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.sfk
2013-07-11 01:41 - 2013-07-11 01:40 - 00003776 _____ C:\Users\GEPC\Desktop\Outro.mp4.sfk
2013-07-11 01:39 - 2013-07-11 01:39 - 247472172 _____ C:\Users\GEPC\Desktop\Portal endgültige ende.wav
2013-07-11 01:39 - 2012-08-12 22:28 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Audacity
2013-07-10 21:34 - 2012-12-13 12:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-10 21:34 - 2012-12-13 12:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-09 22:32 - 2013-07-09 22:30 - 29911045 _____ C:\Users\GEPC\Desktop\Borderlands_ Claptrap's New Revolution DLC - Mr. Blake & Marcus Cutscene Intros HD Gameplay PS3.mp4
2013-07-09 21:40 - 2013-07-09 21:36 - 44659881 _____ C:\Users\GEPC\Desktop\Borderlands Cluck-Trap (HD).mp4
2013-07-09 21:39 - 2013-07-09 21:38 - 04805561 _____ C:\Users\GEPC\Desktop\Borderlands Mr Blake Intro.mp4
2013-07-09 02:32 - 2013-07-09 02:32 - 00000664 _____ C:\Users\GEPC\Documents\Jawamann Deckliste.txt
2013-07-09 02:25 - 2013-06-25 12:19 - 00000000 ____D C:\Program Files (x86)\DevPro
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-07-07 12:26 - 2013-07-07 12:26 - 00000199 _____ C:\Users\GEPC\Desktop\Left 4 Dead 2.url
2013-07-07 12:20 - 2013-02-08 23:20 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Left 4 Dead
2013-07-06 21:57 - 2012-11-26 19:29 - 00000000 ____D C:\Users\GEPC\AppData\Local\Paint.NET
2013-07-05 22:04 - 2012-08-07 19:39 - 00080912 _____ C:\Users\GEPC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 19:32 - 2013-07-04 17:29 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Nico Mak Computing
2013-07-04 17:32 - 2013-07-04 17:29 - 44141605 _____ C:\Users\GEPC\Desktop\Der Weg neu).mp4
2013-07-04 17:29 - 2013-01-03 03:21 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-07-04 17:29 - 2013-01-03 03:21 - 00001289 _____ C:\ProgramData\Desktop\YTD Video Downloader.lnk
2013-07-04 16:39 - 2013-07-04 16:39 - 00000202 _____ C:\Users\GEPC\Desktop\Unepic.url
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-04 15:50 - 2013-07-04 15:50 - 00001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-07-04 15:12 - 2012-09-03 16:00 - 00018419 _____ C:\Users\GEPC\Desktop\LP.odt
2013-07-03 22:54 - 2013-07-03 22:54 - 00000192 _____ C:\Users\GEPC\Desktop\Baldur's Gate Enhanced Edition.url
2013-07-03 22:12 - 2013-07-03 19:13 - 00013495 _____ C:\Users\GEPC\Desktop\Intrp Skript.odt
2013-07-03 20:33 - 2013-06-29 15:05 - 00000000 ____D C:\Users\GEPC\Desktop\JaDMod Bilder
2013-07-03 15:44 - 2013-06-29 12:33 - 00000000 ____D C:\Users\GEPC\Desktop\Bilder
2013-07-02 20:29 - 2013-07-02 20:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-02 15:13 - 2012-09-17 18:21 - 00000000 ____D C:\Users\GEPC\Desktop\Youtube
2013-07-01 13:00 - 2013-07-01 13:00 - 00000199 _____ C:\Users\GEPC\Desktop\Portal.url
2013-06-27 22:09 - 2013-06-27 21:17 - 599795156 _____ C:\Users\GEPC\Desktop\Borderlands - All DLC Cutscene Bosses in Order.mp4
2013-06-27 09:26 - 2012-08-30 07:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 00:33 - 2013-06-26 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 13:50 - 2012-08-09 21:16 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\.minecraft
2013-06-25 12:45 - 2012-08-09 14:19 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Adobe
2013-06-25 12:42 - 2013-06-25 12:42 - 00020020 _____ C:\Users\GEPC\Desktop\Magicka Komplett.odt
2013-06-24 21:43 - 2013-06-24 21:43 - 00172032 _____ (Europress Software) C:\Windows\SysWOW64\cncs32.dll
2013-06-24 21:43 - 2013-06-24 21:43 - 00000018 _____ C:\Windows\gfact.ini
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Windows\technician
2013-06-24 21:43 - 2013-06-24 21:43 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
2013-06-24 01:17 - 2013-06-24 01:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 01:17 - 2013-06-24 01:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 01:17 - 2013-06-24 01:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 01:17 - 2013-03-23 21:47 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-24 01:17 - 2013-03-23 21:47 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 10:46 - 2012-08-21 02:16 - 00096193 _____ C:\Windows\DirectX.log
2013-06-22 23:50 - 2013-06-22 23:50 - 00000201 _____ C:\Users\GEPC\Desktop\Magicka.url
2013-06-22 01:30 - 2013-06-22 01:30 - 00000202 _____ C:\Users\GEPC\Desktop\Awesomenauts.url
2013-06-22 01:02 - 2013-06-22 01:02 - 00000202 _____ C:\Users\GEPC\Desktop\Ace of Spades.url
2013-06-18 13:01 - 2012-12-16 00:42 - 00001078 _____ C:\Users\GEPC\Desktop\League of Legends.lnk
2013-06-15 01:06 - 2013-06-15 01:06 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\collection
2013-06-14 16:29 - 2013-06-14 16:29 - 00000202 _____ C:\Users\GEPC\Desktop\The Basement Collection.url
2013-06-14 03:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 05:02

==================== End Of Log ============================
         
--- --- ---


I have the feeling the Trojans are largely gone, but the initial problem with the pictures and videos still exists. In the meantime, however, I have found out that it is only jpg files and wmv videos that I cannot open. Png and mp4 work, for example. The files are all still there at their full size and the preview is correct too, but as soon as I try to open these pictures with anything (e.g. the standard Windows Photo Viewer), the graphic from the opening post still appears. The videos cannot be opened at all, but they are still there. Could it be that the Trojan has damaged the codecs in some way? And could that be repaired?
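Added example, not part of the original post and not FRST's own code: a parser for the two file-listing sections of the FRST log above. The Created listing prints the creation time first and the Modified listing prints the modification time first, so the parser normalises both, merges duplicates, and lists what was created on 12.07.2013; the sample lines are an excerpt of the log, and the "Created" header text is an assumption modelled on the "Modified" header shown.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Excerpt of the log above. The "Created" header is assumed to have the
# same shape as the "Modified" header that is visible in the log.
SAMPLE = r"""
==================== One Month Created Files and Folders ========

2013-07-04 15:51 - 2013-07-14 01:49 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-06-24 21:43 - 2013-06-24 21:43 - 00172032 _____ (Europress Software) C:\Windows\SysWOW64\cncs32.dll

==================== One Month Modified Files and Folders =======

2013-07-14 01:49 - 2013-07-04 15:51 - 00000000 ____D C:\Users\GEPC\AppData\Roaming\vlc
2013-07-13 22:24 - 2013-07-13 18:50 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\GEPC\Desktop\JRT.exe
2013-07-12 21:09 - 2012-11-29 22:21 - 00000000 ____D C:\Users\GEPC\AppData\Local\TubeBox
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\YwzTRfLA
2013-07-12 19:15 - 2013-07-12 19:15 - 00000000 ____D C:\Users\GEPC\AppData\Local\QMCNjAnv
2013-07-12 12:15 - 2013-07-12 12:15 - 00000202 _____ C:\Users\GEPC\Desktop\Bastion.url

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
"""

STAMP = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
LINE = re.compile(
    "^" + STAMP + " - " + STAMP
    + r" - (\d+) ([_A-Z]+) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)
HEADER = re.compile(r"^=+ One Month (Created|Modified) Files and Folders")


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str      # FRST attribute column, e.g. "____D" for a directory
    company: str    # company name in parentheses, "" when none was printed
    path: str


def parse_frst(text):
    """Return {lower-cased path: Entry} for both listing sections."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("="):
            section = None          # some other section: stop collecting
            continue
        m = LINE.match(line)
        if section is None or m is None:
            continue
        first, second = (datetime.strptime(m.group(i), "%Y-%m-%d %H:%M")
                         for i in (1, 2))
        # Column order depends on the section the line sits in.
        created, modified = ((first, second) if section == "Created"
                             else (second, first))
        entries[m.group(6).lower()] = Entry(
            created, modified, int(m.group(3)), m.group(4),
            m.group(5) or "", m.group(6))
    return entries


def created_between(entries, start, end):
    """Entries created in [start, end), oldest first ('YYYY-MM-DD HH:MM')."""
    lo, hi = (datetime.strptime(s, "%Y-%m-%d %H:%M") for s in (start, end))
    hits = [e for e in entries.values() if lo <= e.created < hi]
    return sorted(hits, key=lambda e: (e.created, e.path.lower()))


if __name__ == "__main__":
    day = ("2013-07-12 00:00", "2013-07-13 00:00")
    for e in created_between(parse_frst(SAMPLE), *day):
        print(e.created, e.attrs, e.path)
```

The resulting list is a set of candidates for a closer look, not a verdict: the shortcut in it is ordinary user activity, and the log itself does not say what created the two folders.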

14.07.2013, 18:54   #12
schrauber
/// the machine
/// TB trainer

The ESET detections, all those folders with ICQ and co.: please delete all of it and empty the recycle bin.

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Your files are gone; there is no decryption tool.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
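Added example, not from the thread: for the situation in the two posts above (jpg and wmv files that no longer open, and no decryption tool), a read-only inventory can show which files are actually affected before anything is deleted. It assumes that an affected file no longer begins with the signature its extension implies; the signatures are the standard ones for JPEG, PNG, ASF/WMV and MP4, and the function names are hypothetical.

```python
import os

# extension -> (offset of the signature, expected bytes)
SIGNATURES = {
    ".jpg": (0, b"\xff\xd8\xff"),
    ".jpeg": (0, b"\xff\xd8\xff"),
    ".png": (0, b"\x89PNG\r\n\x1a\n"),
    # ASF header object GUID, the container used by .wmv files
    ".wmv": (0, bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")),
    # ISO media files carry the box type "ftyp" after a 4-byte length
    ".mp4": (4, b"ftyp"),
}


def check_file(path):
    """Classify one file by comparing its first bytes with its extension."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in SIGNATURES:
        return "unchecked"
    offset, magic = SIGNATURES[ext]
    try:
        with open(path, "rb") as fh:      # opened read-only, never modified
            fh.seek(offset)
            head = fh.read(len(magic))
    except OSError:
        return "unreadable"
    return "header-ok" if head == magic else "header-damaged"


def inventory(root):
    """Walk a folder tree and group file paths by check_file() result."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            report.setdefault(check_file(full), []).append(full)
    for paths in report.values():
        paths.sort()
    return report


if __name__ == "__main__":
    import sys
    for status, paths in sorted(inventory(sys.argv[1]).items()):
        print(status, len(paths))
```

A "header-ok" result only shows that the first bytes are intact, so it narrows the list of files to test by opening them rather than proving they are undamaged.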

15.07.2013, 18:00   #13
Jawa

All right, thank you very much once again for all the helpful tips and the time you put in; I think the PC is clean again now. I will now go and uninstall all the programs again and dispose of the broken files, which could take a while.

15.07.2013, 19:19   #14
schrauber
/// the machine
/// TB trainer

Ok

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please download DelFix to your desktop in any case:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used and the quarantine of our scanners, clears the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber


16.07.2013, 09:33   #15
Jawa

So, I have now added most of your links and in the meantime removed all unusable files from the PC. Thank you once again for the help; with that everything is secure again now and there are no more problems. Have a nice day!
