
Pests of all kinds and how to fight them: Caught the GVU Trojan


07.08.2013, 12:42   #1
fck-fan

Caught the GVU Trojan



Hello,

I have this GVU Trojan, supposedly from the BKA, with a photo of Angela Merkel at the top and a demand to pay 100 € via paysafecard. It comes with a countdown that is always back at 48 hours after a restart.

I have several user accounts for logging in on my Win 7 PC (32-bit). When logging in with the other accounts, this window with the payment demand does not appear; only the one user has no way to dismiss the window once he has logged in to Windows and wants to get to the desktop. From there you can only switch user via the Task Manager or shut down. After a restart and logging in as this user, the window with the payment demand is back and, as I said, cannot be closed.

I have already seen that many people have been helped here with the same problem.

So I ran the program OTL by OldTimer as a different user (saved on the desktop) and ticked "Scan all users" there.

It has just finished the scan. Should I already post the result of the OTL txt file here?

I am really grateful that one can get help here. I am glad there are people who get involved in this kind of thing and help others like me who don't know their way around.

07.08.2013, 12:45   #2
markusg
/// Malware-holic



Hi,
show me the OTL reports

07.08.2013, 13:36   #3
fck-fan


Thanks for the quick reply. OTL created this text (Extras.txt) automatically after the Quick Scan had finished:

OTL Logfile:
Code:
OTL logfile created on: 07.08.2013 12:36:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rudolf\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 57,92% Memory free
5,99 Gb Paging File | 4,23 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 202,10 Gb Free Space | 45,34% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,41 Gb Free Space | 57,05% Space Free | Partition Type: FAT32
Drive J: | 3,84 Gb Total Space | 3,84 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: RUDOLF-PC | User Name: Rudolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.08.07 12:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rudolf\Desktop\OTL.exe
PRC - [2013.08.01 21:15:33 | 000,377,184 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
PRC - [2013.07.25 23:30:47 | 000,212,832 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2013.07.25 23:30:17 | 000,852,832 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2013.07.25 09:43:49 | 000,288,096 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2013.06.21 11:52:52 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.06.21 11:52:51 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.06.12 02:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.27 07:05:53 | 000,101,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.08.28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.03.06 14:49:38 | 000,225,280 | ---- | M] (Teldat GmbH) -- C:\Programme\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe
PRC - [2012.02.21 08:01:02 | 000,142,432 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2011.10.14 14:27:46 | 000,304,696 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2011.08.04 01:12:46 | 000,164,352 | ---- | M] (HP) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.03 18:21:16 | 000,807,760 | ---- | M] (LULU Software) -- C:\Programme\Soda PDF\ConversionService.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\Event Manager\EEventManager.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\AAVUpdateManager\aavus.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.12.17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.05.11 03:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
PRC - [2007.05.11 03:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodtray.exe
PRC - [2007.04.25 22:05:34 | 000,311,296 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007.03.23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.10 21:43:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f752f8cf702b7c7eff6c659b2e0c760a\System.ServiceProcess.ni.dll
MOD - [2013.07.10 21:42:45 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll
MOD - [2013.07.10 21:42:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013.07.10 21:41:47 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a300d50e46379ad6eca7f58e63f4ed70\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013.07.10 21:41:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.10 21:41:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.10 21:41:37 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\11509d217344ee991a9bd930da0d0318\System.Deployment.ni.dll
MOD - [2013.07.10 21:41:15 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.10 21:41:10 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.10 21:41:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.10 21:40:53 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.06.06 20:28:52 | 000,482,656 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\SQLite.dll
MOD - [2013.04.25 21:10:01 | 000,557,408 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\LibXml2.dll
MOD - [2013.04.25 21:10:01 | 000,077,952 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BpBackupRes.dll
MOD - [2013.03.04 20:15:03 | 000,015,488 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BpInspectorRes.dll
MOD - [2013.03.04 20:14:54 | 000,030,848 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BpMainRes.dll
MOD - [2013.03.04 20:14:44 | 000,073,568 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2011.10.14 14:25:02 | 000,111,160 | ---- | M] () -- C:\Programme\HP\StatusAlerts\bin\NativeUtils.dll
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.10.28 21:24:04 | 000,200,192 | ---- | M] () -- C:\Programme\7-PDF\7-PDF Maker\7p.dll
MOD - [2009.07.14 10:47:16 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.08.01 21:15:33 | 000,377,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2013.07.25 23:30:52 | 000,478,048 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Programme\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2013.07.25 23:30:47 | 000,212,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2013.07.25 23:30:18 | 000,307,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2013.07.25 23:30:14 | 000,261,472 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2013.07.25 23:30:12 | 000,560,992 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2013.07.25 23:30:11 | 000,495,456 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2013.07.25 09:43:49 | 000,288,096 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.06.12 00:15:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.21 08:01:02 | 000,142,432 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2011.10.17 16:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Programme\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011.08.04 01:12:46 | 000,164,352 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.03 18:21:16 | 000,807,760 | ---- | M] (LULU Software) [Auto | Running] -- C:\Programme\Soda PDF\ConversionService.exe -- (Soda PDF Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.30 17:15:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.13 14:51:46 | 000,160,768 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\soft Xpansion\SXDS10.exe -- (SXDS10)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.07.22 00:21:04 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.12.17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.05.11 03:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\dsltestSp5.sys -- (dsltestSp5)
DRV - [2013.06.21 14:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.03.21 22:12:51 | 000,064,624 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2013.03.04 20:14:52 | 000,033,888 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (AFW)
DRV - [2013.03.04 20:14:52 | 000,027,760 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BdNet.sys -- (BdNet)
DRV - [2013.03.04 20:14:40 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2013.03.04 20:14:31 | 000,337,504 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.11.18 10:58:18 | 000,216,136 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2011.11.18 10:58:18 | 000,020,040 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2011.11.17 11:38:32 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.11.17 11:38:28 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011.11.17 11:38:28 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.17 05:10:36 | 000,596,992 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.01.27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010.01.05 03:20:10 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.06.17 19:14:10 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008.11.19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007.08.01 15:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005.12.01 10:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\drhard.sys -- (drhard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?q={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com
 
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://igoogle.de/
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes,DefaultScope = {F7CEDB0B-AA0E-4569-A922-5DB52C4029C9}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes\{1890EA42-2E82-4D0F-AB8A-BB6D02569C18}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/index.html?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?q={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GLS
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\SearchScopes\{F7CEDB0B-AA0E-4569-A922-5DB52C4029C9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes\{1890EA42-2E82-4D0F-AB8A-BB6D02569C18}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?q={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GLS
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\SearchScopes\{F7CEDB0B-AA0E-4569-A922-5DB52C4029C9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes,DefaultScope = {F7CEDB0B-AA0E-4569-A922-5DB52C4029C9}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes\{1890EA42-2E82-4D0F-AB8A-BB6D02569C18}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?q={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GLS
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\SearchScopes\{F7CEDB0B-AA0E-4569-A922-5DB52C4029C9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2060138361-726176767-895876555-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.webwebweb.com/search.php?query="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/Rudolf/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4dceabbd.pac"
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.3: d:\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: d:\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\Program Files\Startpage24\Plugin\Version_720\firefox\plugins\nplink64.dll (Link64 GmbH)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2010.02.28 00:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFSodaPDFConverter@sodapdf.com: C:\Program Files\Soda PDF\FFSodaExt [2011.04.11 21:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffext@startpage24: C:\Program Files\Startpage24\Plugin\Version_720\firefox [2011.08.18 21:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2013.06.07 11:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.22 16:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.17 23:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.11.19 23:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2013.06.07 11:18:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2013.06.07 11:18:56 | 000,000,000 | ---D | M]
 
[2010.02.28 00:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Extensions
[2009.12.28 20:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.02 11:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\12e5ej20.tarnfox\extensions
[2012.04.02 11:06:18 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\12e5ej20.tarnfox\extensions\clickclean@hotcleaner.com
[2013.06.02 20:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lqe58dlo.default\extensions
[2010.06.27 13:58:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lqe58dlo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.30 13:05:12 | 000,035,695 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\facebook@disconnect.me.xpi
[2012.04.02 11:04:40 | 000,255,045 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012.03.30 13:05:12 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\longurlplease@darragh.curran.xpi
[2012.03.30 13:05:12 | 000,048,898 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\stealthyextension@gmail.com.xpi
[2012.03.30 13:05:12 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\trackerblock@privacychoice.org.xpi
[2012.03.30 13:05:12 | 000,521,058 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.03.30 13:05:12 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.02 20:27:11 | 000,049,690 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lqe58dlo.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2009.04.11 22:16:39 | 000,000,681 | ---- | M] () -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lqe58dlo.default\searchplugins\ask.xml
[2012.04.21 15:48:25 | 000,005,249 | ---- | M] () -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lqe58dlo.default\searchplugins\Startpage24.xml
[2013.02.27 20:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.19 13:02:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.28 20:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.24 21:19:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.06.28 20:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.24 21:19:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.04.02 12:13:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.06.26 21:43:33 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.04.02 12:13:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.02 12:13:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.02 12:13:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.02 12:13:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.02 12:13:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.02 12:13:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://dsl-start.computerbild.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Startpage24 Startpage (Enabled) = C:\Program Files\Startpage24\Plugin\Version_720\firefox\plugins\nplink64.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Musicnotes (Enabled) = d:\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = d:\Musicnotes\npsibelius.dll
CHR - Extension: YouTube = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_0\
CHR - Extension: Skype Extension = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Outlook.com = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\
CHR - Extension: Google Mail = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Programme\RapidSolution\RS Audials One\VideoRaptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (IECatcher Class) - {569E7719-1A11-415E-9206-AC1860FB8BFF} - C:\Programme\LOADSTREET\InstantGet\IEBar\IGCatcher.dll (Kylinsoft, Inc.)
O2 - BHO: (Soda PDF Helper) - {5CFCAFF6-5BB0-4864-B626-021C99ED82E5} - C:\Programme\Soda PDF\PDFIEHelper.dll (LULU Software)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Soda PDF Toolbar) - {980EB9EC-6EB5-4258-BDDB-EFE25C5F99EF} - C:\Programme\Soda PDF\PDFIEPlugin.dll (LULU Software)
O3 - HKLM\..\Toolbar: (InstantGet Bar) - {98C92840-EB1C-40bd-B6A5-395EC9CD6510} - C:\Programme\LOADSTREET\InstantGet\IEBar\IGIEBar.dll ()
O3 - HKLM\..\Toolbar: (Perfect PDF 5) - {9DE41FB9-ACA7-4847-982B-D984042588FC} - C:\Programme\soft Xpansion\Perfect PDF 5\PDF4ie.dll (soft Xpansion)
O3 - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [BullGuardUpdate2] c:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [EPSON Stylus SX200 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [EPSON Stylus SX200 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin File not found
O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &Alles mit InstantGet runterladen - C:\Program Files\LOADSTREET\InstantGet\IEBar\IGCatcher.dll (Kylinsoft, Inc.)
O8 - Extra context menu item: Acoo Search(&A) - C:\Program Files\LOADSTREET\InstantGet\IEBar\IGIEBar.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Mit InstantGet runterla&den - C:\Program Files\LOADSTREET\InstantGet\IEBar\IGCatcher.dll (Kylinsoft, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: InstantGet starten - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Programme\LOADSTREET\InstantGet\InstantGet.exe (Kylinsoft, Inc.)
O9 - Extra 'Tools' menuitem : &InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Programme\LOADSTREET\InstantGet\InstantGet.exe (Kylinsoft, Inc.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Printee - {E55E1F27-11DA-0001-0002-00AABB000004} - C:\Programme\Irido\Printee for IE\Bin\printee.dll (irido.com)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412F6E33-7153-439A-A35A-D292C3C1122E}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75CEE66F-318A-4FD5-8328-16CBE11763DB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE9AE8FC-3BEB-4468-B818-4D9F93104AA8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0C5A969-9B9C-42E5-8C62-8FB3894F04BE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\printee {E55E1F27-11DA-0001-0002-00AA00000006} - C:\Programme\Irido\Printee for IE\Bin\printee.dll (irido.com)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\startpage24 - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll) - c:\Programme\BullGuard Ltd\BullGuard\BgAgent.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Rudolf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rudolf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90e69d49-c128-11e0-bce8-0021850d4cfe}\Shell - "" = AutoRun
O33 - MountPoints2\{90e69d49-c128-11e0-bce8-0021850d4cfe}\Shell\AutoRun\command - "" = L:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.08.07 12:29:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rudolf\Desktop\OTL.exe
[2013.08.06 21:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.07.28 19:34:20 | 000,000,000 | ---D | C] -- C:\Users\Rudolf\AppData\Local\Abelssoft
[2013.07.28 19:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyKeyFinder
[2013.07.28 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\MyKeyFinder
[2013.07.28 12:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.25 23:31:37 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2013.07.25 23:31:35 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.07.12 19:50:38 | 000,000,000 | ---D | C] -- C:\Users\Rudolf\AppData\Local\Teldat
[2013.07.12 19:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teldat Eumex 402 WIN-Tools V1.00
[2013.07.12 19:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Teldat WIN-Tools
[2010.03.14 02:32:08 | 000,877,784 | ---- | C] (MAGIX AG) -- C:\Users\Rudolf\AppData\Roaming\mgxoschk.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.08.07 12:36:22 | 000,728,284 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.08.07 12:36:22 | 000,678,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.08.07 12:36:22 | 000,161,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.08.07 12:36:22 | 000,131,688 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.08.07 12:32:10 | 000,010,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.07 12:32:10 | 000,010,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.07 12:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rudolf\Desktop\OTL.exe
[2013.08.07 12:28:10 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013.08.07 12:28:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.07 12:26:19 | 000,000,512 | ---- | M] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.08.07 12:24:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.07 12:24:12 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.07 12:24:10 | 002,260,290 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2013.08.07 12:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.08.07 11:56:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.06 21:58:11 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.08.06 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013.08.06 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.08.06 13:25:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.07.28 19:34:15 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\MyKeyFinder.lnk
[2013.07.28 12:55:58 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.07.25 23:31:26 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.07.25 23:31:19 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2013.07.12 19:49:18 | 000,000,046 | ---- | M] () -- C:\Windows\hmview.ini
[2013.07.12 19:48:05 | 000,002,258 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
[2013.07.12 19:48:05 | 000,002,217 | ---- | M] () -- C:\Users\Rudolf\Desktop\Konfiguration der Telefonanlage.lnk
[2013.07.10 21:39:21 | 000,510,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.08.07 12:26:19 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.07.28 19:34:15 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\MyKeyFinder.lnk
[2013.07.28 12:55:58 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.07.12 19:50:36 | 000,002,217 | ---- | C] () -- C:\Users\Rudolf\Desktop\Konfiguration der Telefonanlage.lnk
[2013.07.12 19:48:05 | 000,002,258 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
[2013.02.18 22:35:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organs
[2013.02.18 22:35:14 | 000,000,268 | RH-- | C] () -- C:\Users\Rudolf\AppData\Roaming\Nature Sounds
[2013.02.18 22:35:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012.12.28 18:25:39 | 000,000,268 | RH-- | C] () -- C:\Users\Rudolf\AppData\Roaming\MIDI Configurations
[2012.12.28 18:25:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Machines
[2012.12.28 18:25:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.12.28 18:25:04 | 000,000,268 | RH-- | C] () -- C:\Users\Rudolf\AppData\Roaming\MIDI Devices
[2012.12.28 18:25:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mail
[2012.12.28 18:25:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.12.28 18:25:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Patch Names
[2012.12.28 18:25:03 | 000,000,268 | RH-- | C] () -- C:\Users\Rudolf\AppData\Roaming\MAS
[2012.12.28 18:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.11.16 21:25:13 | 000,000,161 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.11.16 20:01:04 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2012.11.16 20:01:04 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2012.08.14 14:20:23 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI
[2012.01.15 02:34:31 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011.12.07 00:41:53 | 000,000,094 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\fusioncache.dat
[2011.11.16 23:17:35 | 000,000,060 | ---- | C] () -- C:\Users\Rudolf\AppData\Roaming\Default.PLS
[2011.11.09 21:14:12 | 000,000,000 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\{ADC9AC13-BE0E-4997-A707-30FC6EC44247}
[2011.10.30 15:02:02 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2011.08.12 19:48:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
[2011.08.12 19:48:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2011.06.23 22:55:31 | 000,000,000 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\{BE254C61-9F73-4BF6-A5CC-35E5CE8E8C6D}
[2010.03.30 21:12:27 | 000,000,186 | ---- | C] () -- C:\Users\Rudolf\AppData\Roaming\wklnhst.dat
[2010.03.14 04:50:30 | 000,115,165 | ---- | C] () -- C:\Users\Rudolf\AppData\Roaming\mdbu.bin
[2010.03.05 22:04:02 | 000,005,632 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.27 01:00:29 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.25 15:21:23 | 000,001,074 | RH-- | C] () -- C:\Users\Rudolf\XrxWm.ini
[2009.10.25 15:21:23 | 000,000,522 | RH-- | C] () -- C:\Users\Rudolf\xw45cpdy.dyc
[2009.09.20 20:28:25 | 000,543,273 | ---- | C] () -- C:\Users\Rudolf\AppData\Roaming\NMM-MetaData.db
[2008.07.28 22:26:26 | 000,000,049 | ---- | C] () -- C:\Users\Rudolf\MU-NDS.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.08.06 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\BullGuard
[2013.02.10 21:51:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Epson
[2010.02.28 00:15:27 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PC Suite
[2011.12.29 23:16:01 | 000,000,000 | ---D | M] -- C:\Users\Berbel.Rudolf-PC\AppData\Roaming\BullGuard
[2011.12.29 23:10:40 | 000,000,000 | ---D | M] -- C:\Users\Berbel.Rudolf-PC\AppData\Roaming\PC Suite
[2013.02.05 22:32:44 | 000,000,000 | ---D | M] -- C:\Users\Berbel.Rudolf-PC\AppData\Roaming\PDF Software
[2013.03.18 15:19:55 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\7-PDFMaker
[2013.03.07 21:22:25 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\BullGuard
[2012.07.17 00:49:27 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\EPSON
[2010.02.28 00:27:31 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\Nokia
[2010.02.28 00:27:31 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\PC Suite
[2013.02.05 22:32:44 | 000,000,000 | ---D | M] -- C:\Users\Helge\AppData\Roaming\PDF Software
[2013.06.28 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\BullGuard
[2013.06.28 13:26:35 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\Epson
[2011.12.29 23:04:26 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\PC Suite
[2011.12.08 01:10:18 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\.zaz
[2010.04.26 11:50:57 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\7-PDFMaker
[2010.02.28 00:16:56 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\A-Z Technology
[2013.04.02 20:30:06 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Baxox
[2010.02.28 00:16:56 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Buhl Data Service GmbH
[2013.04.23 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\BullGuard
[2011.04.14 00:06:49 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Canon
[2010.02.28 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\COMPUTERBILD Browser-Optimierer
[2010.02.28 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\concept design
[2010.02.28 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\DasTelefonbuch Deutschland
[2011.08.12 19:48:22 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Dateicommander
[2011.11.16 22:27:38 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\DriverCure
[2011.03.02 00:05:11 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Duden
[2013.05.05 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\DVDVideoSoft
[2010.04.26 11:35:01 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Engelmann Media
[2012.11.03 21:04:57 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\EPSON
[2011.10.17 20:14:29 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\FileZilla
[2013.06.30 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\FolderColorize
[2010.06.26 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Foxit
[2010.02.28 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\GlarySoft
[2010.08.27 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\InstantGet
[2013.04.23 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Iqda
[2011.08.07 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\LG Electronics
[2010.12.20 00:11:12 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\MAGIX
[2010.02.28 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\map&guide
[2012.04.28 21:31:12 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Mobipocket
[2009.01.08 00:09:32 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\MyHeritage
[2012.12.28 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Nikon
[2010.02.28 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Nokia
[2010.02.28 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Nokia Multimedia Player
[2013.04.02 20:30:06 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Omun
[2013.05.05 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\OpenCandy
[2011.11.16 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\ParetoLogic
[2010.02.28 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\PC Suite
[2013.02.05 22:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\PDF Software
[2010.02.28 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Pegasys Inc
[2013.02.05 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\SpeedyPC Software
[2011.08.12 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Startpage24
[2013.06.30 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Stellarium
[2010.02.28 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\T-Online
[2011.06.12 18:14:50 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Template
[2010.02.28 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.02.28 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\TomTom
[2011.05.14 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Tunebite
[2009.11.14 01:08:01 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\TVG
[2011.03.18 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.02.27 23:32:48 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2011.12.29 23:10:41 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.02.28 00:36:34 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2009.01.31 19:21:05 | 000,000,000 | ---D | M] -- C:\12.000 Office Vorlagen Teil 1
[2009.01.31 18:13:15 | 000,000,000 | ---D | M] -- C:\12.000 Office Vorlagen Teil 3
[2010.04.09 21:19:58 | 000,000,000 | ---D | M] -- C:\650 Office Vorlagen
[2011.05.07 00:58:53 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.08.06 21:58:14 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.07.22 00:26:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.09.16 21:14:30 | 000,000,000 | ---D | M] -- C:\downloads
[2012.01.17 21:00:34 | 000,000,000 | ---D | M] -- C:\FW3
[2008.07.22 22:27:32 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.06.11 10:25:01 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.12.07 00:19:02 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.28 19:34:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.08.07 12:39:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.07.22 00:26:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.02.27 01:00:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.08.07 21:44:18 | 000,000,000 | ---D | M] -- C:\Sounds
[2013.08.07 12:39:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.29 23:10:28 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.05 23:20:33 | 000,000,000 | ---D | M] -- C:\Vimeo
[2013.02.06 21:48:25 | 000,000,000 | ---D | M] -- C:\VPSdriftmodell
[2013.07.03 20:54:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.06.30 21:43:13 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.06.30 21:43:14 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.05.23 15:55:13 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2011.11.16 22:27:27 | 000,000,360 | ---- | C] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011.11.16 22:27:28 | 000,000,378 | ---- | C] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011.11.16 22:27:28 | 000,000,420 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011.11.16 22:27:58 | 000,000,446 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012.04.22 16:45:34 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.02.05 22:16:40 | 000,000,398 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2013.02.05 22:16:40 | 000,000,442 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2013.02.05 22:16:40 | 000,000,494 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2013.02.05 22:17:02 | 000,000,470 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_633476a5a8eb44de\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2013.05.22 22:20:21 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2013.05.22 22:20:21 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2010.03.30 22:10:35 | 000,012,811 | ---- | M] () -- C:\Users\Rudolf\Ablaufplan Hochzeit Julia.docx
[2010.08.16 23:20:32 | 000,000,049 | ---- | M] () -- C:\Users\Rudolf\MU-NDS.INI
[2013.08.07 12:44:08 | 007,864,320 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat
[2013.08.07 12:44:08 | 000,262,144 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat.LOG1
[2010.02.27 23:52:31 | 000,000,000 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat.LOG2
[2010.02.27 23:52:31 | 000,065,536 | -HS- | M] () -- C:\Users\Rudolf\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.02.27 23:52:31 | 000,524,288 | -HS- | M] () -- C:\Users\Rudolf\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.02.27 23:52:31 | 000,524,288 | -HS- | M] () -- C:\Users\Rudolf\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.04.09 21:24:18 | 000,065,536 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat{99c94114-4406-11df-bb19-0021850d4cfe}.TM.blf
[2010.04.09 21:24:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat{99c94114-4406-11df-bb19-0021850d4cfe}.TMContainer00000000000000000001.regtrans-ms
[2010.04.09 21:24:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat{99c94114-4406-11df-bb19-0021850d4cfe}.TMContainer00000000000000000002.regtrans-ms
[2010.05.10 21:33:15 | 000,065,536 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat{e1d9be48-5c65-11df-a123-0021850d4cfe}.TM.blf
[2010.05.10 21:33:15 | 000,524,288 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat{e1d9be48-5c65-11df-a123-0021850d4cfe}.TMContainer00000000000000000001.regtrans-ms
[2010.05.10 21:33:15 | 000,524,288 | -HS- | M] () -- C:\Users\Rudolf\ntuser.dat{e1d9be48-5c65-11df-a123-0021850d4cfe}.TMContainer00000000000000000002.regtrans-ms
[2010.02.27 01:00:37 | 000,000,020 | -HS- | M] () -- C:\Users\Rudolf\ntuser.ini
[2008.12.26 12:18:22 | 001,199,437 | ---- | M] () -- C:\Users\Rudolf\Perspektive Imke.docx
[2009.10.25 15:21:23 | 000,001,074 | RH-- | M] () -- C:\Users\Rudolf\XrxWm.ini
[2009.10.25 15:21:23 | 000,000,522 | RH-- | M] () -- C:\Users\Rudolf\xw45cpdy.dyc
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 307 bytes -> C:\ProgramData\TEMP:8E86D32B

< End of report >
         
--- --- ---

Old 07.08.2013, 13:47   #4
markusg
/// Malware-holic

Hi,
I do need the following after all:
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click on Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now type the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (instructions).

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 07.08.2013, 14:27   #5
fck-fan

OK, I'll work my way through that. Thanks.

Can I do all of this as a logged-in user on Win 7, even though the trojan window only appears when a different user logs in? Or does all of this have to be done from the user account where the window appears?


Old 07.08.2013, 14:35   #6
markusg
/// Malware-holic

The scan has to be run from recovery mode, as stated.

Old 07.08.2013, 15:56   #7
fck-fan

Here is the content of the FRST.txt file that was created on my USB stick after the FRST scan on the affected computer.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013
Ran by SYSTEM on 07-08-2013 17:11:45
Running from I:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [311296 2007-04-25] (shbox.de)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [OODefragTray] - C:\Windows\system32\oodtray.exe [2512392 2007-05-11] (O&O Software GmbH)
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [852832 2013-07-25] (BullGuard Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [StatusAlerts] - C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [304696 2011-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [BullGuardUpdate2] - c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [1879392 2013-07-25] (BullGuard Ltd.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKU\Arne\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Arne\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Arne\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG)
HKU\Arne\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom)
HKU\Arne\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Arne\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe [ 2013-06-11] (Adobe Systems Incorporated)
HKU\Berbel.Rudolf-PC\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\BERBEL~1.RUD\AppData\Local\Temp\E_SEF8C.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Helge\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Helge\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Helge\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG)
HKU\Helge\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom)
HKU\Helge\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Imke\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Imke\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Imke\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG)
HKU\Imke\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom)
HKU\Imke\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Rudolf\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Rudolf\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG)
HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\UpdatusUser\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG)
HKU\UpdatusUser\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom)
HKU\UpdatusUser\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\UpdatusUser\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin [x]
HKU\UpdatusUser\...\RunOnce: [sxAutoReg] - C:\Program Files\Internet Explorer\iexplore.exe [ 2013-06-12] (Microsoft Corporation)
Startup: C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fkcovysallamioovjgi.lnk
ShortcutTarget: fkcovysallamioovjgi.lnk -> C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg ()
BootExecute: autocheck autochk * OODBS

========================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [560992 2013-07-25] (BullGuard Ltd.)
S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [376736 2013-08-07] (BullGuard Ltd.)
S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [307552 2013-07-25] (BullGuard Ltd.)
S2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [478048 2013-07-25] (BullGuard Ltd.)
S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [495456 2013-07-25] (BullGuard Ltd.)
S2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [261472 2013-07-25] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [212832 2013-07-25] (BullGuard Ltd.)
S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [288096 2013-07-25] (BullGuard Ltd.)
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-21] (SEIKO EPSON CORPORATION)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2008-07-21] (Google)
S2 gupdate1c98b0b12b4a6e0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-10] (Google Inc.)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164352 2011-08-04] (HP)
S2 O&O Defrag; C:\Windows\system32\oodag.exe [1050120 2007-05-11] (O&O Software GmbH)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [237638 2008-06-03] ()
S2 Soda PDF Service; C:\Program Files\Soda PDF\ConversionService.exe [807760 2010-12-03] (LULU Software)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\SXDS10.exe [160768 2009-07-13] (soft Xpansion)
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S1 AFW; C:\Windows\System32\DRIVERS\afw.sys [33888 2013-03-04] (Agnitum Ltd.)
S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [337504 2013-03-04] (Agnitum Ltd.)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 BdNet; C:\Windows\System32\drivers\BdNet.sys [27760 2013-03-04] (BullGuard Ltd.)
S1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [64624 2013-03-21] (BullGuard Ltd.)
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2009-06-17] (B.H.A Corporation)
S2 drhard; C:\Windows\System32\Drivers\drhard.sys [23600 2005-12-01] (Licensed for Gebhard Software)
S1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-11-17] (RapidSolution Software AG)
S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-11-17] (RapidSolution Software AG)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2011-11-17] (RapidSolution Software AG)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [343456 2013-03-04] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-19] (LG Electronics Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 dsltestSp5; System32\Drivers\dsltestSp5.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-07 17:11 - 2013-08-07 17:11 - 00000000 ____D C:\FRST
2013-08-07 16:04 - 2013-08-07 16:04 - 00000512 _____ C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-08-07 13:28 - 2013-08-07 13:28 - 00000000 _____ C:\Users\Rudolf\Desktop\Neues Textdokument.txt
2013-08-07 12:28 - 2013-08-07 12:28 - 00089888 _____ C:\Users\Rudolf\Desktop\Extras.Txt
2013-08-07 12:27 - 2013-08-07 12:27 - 00199578 _____ C:\Users\Rudolf\Desktop\OTL.Txt
2013-08-07 11:29 - 2013-08-07 11:29 - 00602112 _____ (OldTimer Tools) C:\Users\Rudolf\Desktop\OTL.exe
2013-08-06 17:00 - 2013-08-06 17:00 - 00000000 ____D C:\Users\Arne\AppData\Local\Macromedia
2013-08-06 16:57 - 2013-08-06 16:57 - 00000000 ____D C:\Users\Arne\AppData\Local\Mozilla
2013-08-06 16:53 - 2013-08-06 16:57 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Mozilla
2013-08-06 16:42 - 2013-08-06 16:42 - 00000000 ____D C:\Users\Helge\AppData\Roaming\DivX
2013-08-06 12:02 - 2013-08-06 12:11 - 107312646 _____ C:\Users\Helge\Downloads\Patrick_Moraz-Story_of_I(1976).rar
2013-07-28 18:34 - 2013-07-28 18:34 - 00001869 _____ C:\Users\Public\Desktop\MyKeyFinder.lnk
2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Abelssoft
2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Program Files\MyKeyFinder
2013-07-28 11:55 - 2013-07-28 11:55 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-25 22:31 - 2013-07-25 22:31 - 00113088 _____ (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-07-25 22:31 - 2013-07-25 22:31 - 00060256 _____ (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Teldat
2013-07-12 18:50 - 2013-07-12 18:48 - 00002217 _____ C:\Users\Rudolf\Desktop\Konfiguration der Telefonanlage.lnk
2013-07-12 18:47 - 2013-07-12 18:47 - 00000000 ____D C:\Program Files\Teldat WIN-Tools
2013-07-10 19:45 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 19:45 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 19:45 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 19:45 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 19:45 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 19:45 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 19:45 - 2013-06-12 00:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 19:45 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 19:45 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 19:45 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 19:45 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 19:45 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 19:45 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 19:45 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 19:45 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 19:45 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 19:29 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 19:28 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 19:28 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 19:28 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-08-07 17:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-08-07 16:04 - 2013-08-07 16:04 - 00000512 _____ C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-08-07 16:04 - 2013-05-11 14:28 - 17545776 _____ C:\Windows\setupact.log
2013-08-07 16:04 - 2011-12-07 22:38 - 00000664 _____ C:\Windows\System32\config\afw_hm.conf
2013-08-07 16:04 - 2011-12-07 22:38 - 00000004 _____ C:\Windows\System32\config\afw_db.conf
2013-08-07 16:04 - 2011-12-07 22:34 - 00000000 ____D C:\ProgramData\BullGuard
2013-08-07 16:04 - 2009-01-02 19:12 - 00000375 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-08-07 16:04 - 2008-05-27 08:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-07 16:03 - 2009-01-18 20:43 - 02266675 _____ C:\Windows\System32\oodbs.lor
2013-08-07 15:57 - 2010-02-27 23:53 - 02029490 _____ C:\Windows\WindowsUpdate.log
2013-08-07 15:57 - 2010-02-27 22:50 - 00010736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 15:57 - 2010-02-27 22:50 - 00010736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 15:42 - 2013-05-11 14:28 - 00079668 _____ C:\Windows\PFRO.log
2013-08-07 13:28 - 2013-08-07 13:28 - 00000000 _____ C:\Users\Rudolf\Desktop\Neues Textdokument.txt
2013-08-07 12:28 - 2013-08-07 12:28 - 00089888 _____ C:\Users\Rudolf\Desktop\Extras.Txt
2013-08-07 12:27 - 2013-08-07 12:27 - 00199578 _____ C:\Users\Rudolf\Desktop\OTL.Txt
2013-08-07 11:36 - 2010-02-27 22:51 - 01696914 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-07 11:29 - 2013-08-07 11:29 - 00602112 _____ (OldTimer Tools) C:\Users\Rudolf\Desktop\OTL.exe
2013-08-06 20:58 - 2011-11-20 10:15 - 00002174 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-06 20:58 - 2008-07-21 23:21 - 00000000 ____D C:\Program Files\Google
2013-08-06 17:00 - 2013-08-06 17:00 - 00000000 ____D C:\Users\Arne\AppData\Local\Macromedia
2013-08-06 16:57 - 2013-08-06 16:57 - 00000000 ____D C:\Users\Arne\AppData\Local\Mozilla
2013-08-06 16:57 - 2013-08-06 16:53 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Mozilla
2013-08-06 16:54 - 2008-10-12 13:19 - 00000000 ____D C:\Users\Arne\AppData\Roaming\BullGuard
2013-08-06 16:42 - 2013-08-06 16:42 - 00000000 ____D C:\Users\Helge\AppData\Roaming\DivX
2013-08-06 12:57 - 2012-08-08 16:38 - 00000000 ____D C:\Users\Helge\AppData\Roaming\vlc
2013-08-06 12:11 - 2013-08-06 12:02 - 107312646 _____ C:\Users\Helge\Downloads\Patrick_Moraz-Story_of_I(1976).rar
2013-07-28 18:34 - 2013-07-28 18:34 - 00001869 _____ C:\Users\Public\Desktop\MyKeyFinder.lnk
2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Abelssoft
2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Program Files\MyKeyFinder
2013-07-28 13:46 - 2008-07-27 00:55 - 00000000 ___RD C:\Users\Rudolf\Documents\BWK
2013-07-28 12:43 - 2008-12-11 21:15 - 00000000 ____D C:\ProgramData\FreePDF
2013-07-28 12:41 - 2013-05-18 21:31 - 00000388 _____ C:\fpRedmon.log
2013-07-28 11:58 - 2009-11-14 00:09 - 00000000 ____D C:\Users\Rudolf\AppData\Roaming\vlc
2013-07-28 11:55 - 2013-07-28 11:55 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-25 22:31 - 2013-07-25 22:31 - 00113088 _____ (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-07-25 22:31 - 2013-07-25 22:31 - 00060256 _____ (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-07-14 22:10 - 2011-07-12 21:21 - 00000000 ____D C:\Users\Rudolf\Desktop\Achtum
2013-07-12 18:53 - 2008-07-27 00:42 - 00000000 ___RD C:\Users\Rudolf\Documents\Privat
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Teldat
2013-07-12 18:49 - 2011-10-30 14:02 - 00000046 _____ C:\Windows\hmview.ini
2013-07-12 18:48 - 2013-07-12 18:50 - 00002217 _____ C:\Users\Rudolf\Desktop\Konfiguration der Telefonanlage.lnk
2013-07-12 18:48 - 2008-05-26 13:27 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-12 18:47 - 2013-07-12 18:47 - 00000000 ____D C:\Program Files\Teldat WIN-Tools
2013-07-12 18:43 - 2008-09-22 22:22 - 00000000 ____D C:\Program Files\DIFX
2013-07-12 18:42 - 2011-10-30 14:31 - 00000000 ____D C:\Program Files\T-Home
2013-07-10 22:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-10 20:39 - 2009-07-14 05:33 - 00510536 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 20:38 - 2008-05-26 13:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 20:36 - 2009-07-14 09:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 20:36 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 19:46 - 2008-05-26 15:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 19:39 - 2010-03-14 18:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-08 19:43 - 2009-04-13 12:36 - 00000000 ____D C:\Users\Rudolf\Documents\Steuerfälle

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-14 00:33:22
Restore point made on: 2013-03-24 19:04:41
Restore point made on: 2013-03-24 21:19:42
Restore point made on: 2013-03-28 00:29:08
Restore point made on: 2013-04-05 09:22:23
Restore point made on: 2013-04-10 23:35:23
Restore point made on: 2013-04-15 23:01:24
Restore point made on: 2013-04-23 21:29:52
Restore point made on: 2013-04-23 23:50:27
Restore point made on: 2013-04-24 22:19:05
Restore point made on: 2013-05-05 12:29:37
Restore point made on: 2013-05-11 14:25:51
Restore point made on: 2013-05-15 13:12:45
Restore point made on: 2013-05-22 21:17:44
Restore point made on: 2013-05-31 21:31:14
Restore point made on: 2013-06-07 21:59:44
Restore point made on: 2013-06-12 14:34:55
Restore point made on: 2013-06-16 20:46:05
Restore point made on: 2013-06-24 19:40:26
Restore point made on: 2013-07-05 21:36:10
Restore point made on: 2013-07-10 19:33:58
Restore point made on: 2013-07-12 18:42:33
Restore point made on: 2013-07-12 18:47:15
Restore point made on: 2013-07-27 13:16:53
Restore point made on: 2013-08-05 20:53:39
Restore point made on: 2013-08-07 11:39:05

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3070.18 MB
Available physical RAM: 2596.46 MB
Total Pagefile: 3068.45 MB
Available Pagefile: 2593.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.44 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.75 GB) (Free:203.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:11.41 GB) FAT32
Drive i: () (Removable) (Total:3.84 GB) (Free:3.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 341942CD)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 8A5C34AE)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-08-05 20:46

==================== End Of Log ============================
         
--- --- ---

Last edited by fck-fan (07.08.2013 at 16:16)

Old 07.08.2013, 16:11   #8
markusg
/// Malware-holic

What am I supposed to do with a post like that?
Please post if you have questions or problems, or when the log is finished.

Old 07.08.2013, 16:30   #9
fck-fan

Quote:
Originally posted by markusg
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click on Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now type the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (instructions).
I thought I was supposed to post the contents of FRST.txt here? What exactly did I do wrong?


Tante Edit sagt:

All right. Haben uns wohl missverstanden.

Geändert von fck-fan (07.08.2013 um 16:37 Uhr)

Old 07.08.2013, 16:36   #10
markusg
/// Malware-holic

You edited your post at 17.16, but I answered at 17.11, so my post was still justified at the time :-)
I'll edit more in shortly.
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Startup: C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fkcovysallamioovjgi.lnk
ShortcutTarget: fkcovysallamioovjgi.lnk -> C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg ()
C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again.
  • Now start FRST.exe again and click the Remove button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


If you can start the affected account again:
Please navigate to:
C:\FRST\Quarantine
Right-click, pack it with WinRAR or another archiver, and upload it in the upload channel.
http://upload.trojaner-board.de
Recommendations for uninstalling
Please copy the list of installed programs from additions.txt here into your thread. After each line, please note
which of the following categories applies: Unknown, Needed, Unneeded
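The fixlist above removes a classic persistence pair: a randomly named shortcut in the user's Startup folder whose target is a randomly named file under AppData\Local\Temp. As an added example (not code from this thread, from FRST or from Farbar), the script below parses the .lnk files in a Startup folder using the public Shell Link binary layout, extracts each shortcut's local target path and flags the ones that point into a temporary directory or at an unusual file extension. The heuristics, the `ExampleVendor` path and the sample shortcuts written by `demo_scan()` are constructed for this example; the parser only reads the ANSI LocalBasePath field, so links that carry their target solely in the ID list are reported as unparsed rather than silently ignored.

```python
"""Added example (not code from the thread, from FRST or from Farbar): parse the
.lnk files in a Startup folder and flag shortcut targets that match the
persistence pattern FRST listed above (Startup\\<random>.lnk pointing at a file
under AppData\\Local\\Temp). Sample shortcuts are constructed in demo_scan()."""
import ntpath
import os
import struct
import tempfile
from typing import List, Optional, Tuple

# Constants from the public MS-SHLLINK (Shell Link binary format) specification
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01

# The heuristics below are this example's own choices, not FRST's detection logic
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\users\\public\\")
KNOWN_LAUNCH_EXTS = {".exe", ".com", ".bat", ".cmd", ".msc", ".cpl"}


def parse_lnk_target(data: bytes) -> Optional[str]:
    """Return the LocalBasePath of a shell link, or None if it is absent or not a .lnk."""
    try:
        if struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
            return None
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = 0x4C  # first structure after the fixed 76-byte header
        if flags & HAS_LINK_TARGET_ID_LIST:
            pos += 2 + struct.unpack_from("<H", data, pos)[0]  # skip IDListSize + IDList
        if not flags & HAS_LINK_INFO:
            return None  # target is only in the ID list; not handled here
        link_info_flags = struct.unpack_from("<I", data, pos + 8)[0]
        if not link_info_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
            return None  # network-relative link without a local path
        start = pos + struct.unpack_from("<I", data, pos + 16)[0]  # LocalBasePathOffset
        end = data.index(b"\x00", start)  # LocalBasePath is a NUL-terminated ANSI string
        return data[start:end].decode("latin-1")
    except (struct.error, ValueError):
        return None  # truncated or malformed file


def classify_target(target: str) -> List[str]:
    """List the reasons a shortcut target looks like malware persistence (empty = clean)."""
    t = target.lower()
    reasons = []
    if any(d in t for d in SUSPICIOUS_DIRS):
        reasons.append("target lives in a temporary or world-writable directory")
    ext = ntpath.splitext(t)[1]  # ntpath so Windows paths split correctly on any host
    if ext not in KNOWN_LAUNCH_EXTS:
        reasons.append("unusual target extension %s" % (ext or "(none)"))
    return reasons


def scan_startup_folder(folder: str) -> List[Tuple[str, str, List[str]]]:
    """Return (shortcut name, target, reasons) for every suspicious .lnk in folder."""
    findings = []
    for name in sorted(os.listdir(folder)):
        if not name.lower().endswith(".lnk"):
            continue
        with open(os.path.join(folder, name), "rb") as fh:
            target = parse_lnk_target(fh.read())
        if target is None:
            findings.append((name, "?", ["could not extract a local target path"]))
            continue
        reasons = classify_target(target)
        if reasons:
            findings.append((name, target, reasons))
    return findings


def build_lnk(target: str) -> bytes:
    """Construct a minimal valid .lnk (header + LinkInfo with LocalBasePath) as test data."""
    target_b = target.encode("latin-1") + b"\x00"
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"  # DRIVE_FIXED, empty label
    vol_off = hdr_size = 0x1C
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(target_b)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, hdr_size, VOLUME_ID_AND_LOCAL_BASE_PATH,
                            vol_off, base_off, 0, suffix_off) + volume_id + target_b + b"\x00"
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<II", HAS_LINK_INFO, 0x20)
    header += b"\x00" * 24  # creation/access/write FILETIMEs (unused here)
    header += struct.pack("<IIIHHII", 0, 0, 1, 0, 0, 0, 0)  # size, icon, SW_SHOWNORMAL, hotkey, reserved
    return header + link_info


def demo_scan() -> List[Tuple[str, str, List[str]]]:
    """Write two constructed shortcuts into a temp dir and scan it like a Startup folder."""
    folder = tempfile.mkdtemp(prefix="startup_demo_")
    samples = {
        # the .lnk/.bfg pair from the FRST log in this thread
        "fkcovysallamioovjgi.lnk": r"C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg",
        # a constructed benign shortcut (hypothetical vendor path)
        "VendorTool.lnk": r"C:\Program Files\ExampleVendor\tool.exe",
    }
    for name, target in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(build_lnk(target))
    return scan_startup_folder(folder)


if __name__ == "__main__":
    for name, target, reasons in demo_scan():
        print("%s -> %s\n    %s" % (name, target, "; ".join(reasons)))
```

On a real machine you would point `scan_startup_folder()` at each user's `AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup` folder (and the all-users Startup folder) instead of the constructed directory; the shortcut in this thread is flagged twice, once for its Temp location and once for the .bfg extension.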

Old 07.08.2013, 17:00   #11
fck-fan

Great. My desktop is restored and the Trojan's window is gone! I can only thank you a thousand times! How a Trojan like that can mess with your head. Clearly too many bad people on this planet. All the nicer that you helped me.

By the way, earlier I had the USB stick in a USB hub, which is why it didn't work. So apparently the USB stick should go directly into the computer if you want to work with FRST.

Where do I find the additions.txt for uninstalling?



Here are the contents of Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-08-2013
Ran by SYSTEM at 2013-08-07 17:48:39 Run:1
Running from I:\
Boot Mode: Recovery

==============================================

C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fkcovysallamioovjgi.lnk => Moved successfully.
ShortcutTarget: fkcovysallamioovjgi.lnk -> C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg () not found.
"C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg" => File/Directory not found.

==== End of Fixlog ====

Old 07.08.2013, 17:10   #12
markusg
/// Malware-holic

Hi, sorry, please carry on with the upload first; the additions.txt part comes later.
Once the upload is done (the instructions are in my last post), please continue with this:
Two logs are to be created; post them together if possible.
1.
Scan with Combofix
WARNING to everyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


2.
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post its contents here in your thread in any case.

Old 07.08.2013, 17:15   #13
fck-fan

Hm, the upload didn't work, I get the following message from the upload channel:

Fehler: Die Dateien konnten nicht empfangen werden. Bitte melden Sie sich im Forum.

Old 07.08.2013, 17:27   #14
markusg
/// Malware-holic

File-Upload.net - Ihr kostenloser File Hoster!
Upload it there and send me the link as a private message.

Old 07.08.2013, 17:33   #15
markusg
/// Malware-holic

That works, thanks.
Continue with Combofix and TDSS-Killer.
