GVU Trojaner Windows Vista
 

Schönen guten Abend,

ich habe mir offensichtlich den GVU-Trojaner eingefangen. Eine Systemwiederherstellung über einen Wiederherstellungspunkt funktioniert nicht.

Habe mir im abgesicherten Modus OTL.exe runtergeladen und durchlaufen lassen.
Die zwei kreierten Log-Files hänge ich hier mal mit dran.

Was muss ich nun tun? Kann mir jemand helfen?

Vielen Dank im Voraus!

Die Liese.

OTL logfile created on: 16.05.2013 21:51:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LinNancyUwe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,52% Memory free
2,39 Gb Paging File | 1,96 Gb Available in Paging File | 81,75% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,77 Gb Total Space | 0,23 Gb Free Space | 0,34% Space Free | Partition Type: NTFS
Drive D: | 68,56 Gb Total Space | 56,62 Gb Free Space | 82,59% Space Free | Partition Type: NTFS

Computer Name: LINNANCYUWE-PC | User Name: LinNancyUwe | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LinNancyUwe\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV - (Winmgmt) -- C:\Users\LINNAN~1\AppData\Local\Temp\MVbCn7d.exe File not found
SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (SProtection) -- C:\Programme\Common Files\Umbrella\umbrella.exe (Iminent)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TelevisionFanaticService) -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (aawservice) -- C:\Programme\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = about:blank
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119528&babsrc=SP_ss&mntrId=90510165000000000000001fe1a5795e
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{52BF31C9-3282-4A5C-A778-28443656EA0F}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{7E3E102D-8AA1-41B1-AC7C-727676868C44}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{81CE708B-5104-4C62-B333-94B417473B29}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{CF6AF45C-94AA-4FD5-9893-63A0F7BC7BC8}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8D5gul0x&i=26
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\SearchScopes\{E9F4F12C-21E9-477E-9EC7-6A1CBD2D4FA8}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.mywebsearch.com/index.jhtml?ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw"
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9F66AD19-1D6B-41D2-AFEC-1F72224DEAB4&n=77fcb509&ind=2013050121&p2=^XP^xdm116^YY^de&si=CLWGxO-R87YCFVDMtAodxTIARw&searchfor="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\LinNancyUwe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.14 20:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.18 10:51:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.18 10:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.11 05:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.11 05:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin [2013.04.30 21:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.21 22:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.14 20:44:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.10 19:13:23 | 000,000,000 | ---D | M]

[2010.05.02 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Extensions
[2010.05.02 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.01 21:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Firefox\Profiles\czto7yrt.default\extensions
[2013.04.30 21:42:40 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\Firefox\Profiles\czto7yrt.default\extensions\64ffxtbr@TelevisionFanatic.com
[2013.03.17 17:56:03 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.03.17 17:37:30 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.04.30 21:48:30 | 000,009,631 | ---- | M] () -- C:\Users\LinNancyUwe\AppData\Roaming\mozilla\firefox\profiles\czto7yrt.default\searchplugins\my-web-search.xml
[2013.03.17 14:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.21 22:05:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File not found
O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Programme\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Programme\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [905101ca] rundll32.exe "C:\Users\LINNAN~1\AppData\Local\Temp\jlxdxwja.dll",b File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [cmds] rundll32.exe C:\Users\LINNAN~1\AppData\Local\Temp\pmnmjJYr.dll,c File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [ctfmon.exe] C:\ProgramData\rlofoa.dat (Microsoft Corporation)
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [EWABQAF7KL] C:\Users\LinNancyUwe\AppData\Local\Temp\Bbu.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [Hyycu] C:\Users\LinNancyUwe\AppData\Roaming\Ydyn\xuuq.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [MSServer] rundll32.exe C:\Users\LINNAN~1\AppData\Local\Temp\xxyYOiIB.dll,#1 File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [UBC5AB1IDP] C:\Users\LINNAN~1\AppData\Local\Temp\Bbz.exe File not found
O4 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SPUpdSentinel] C:\Program Files\Common Files\Umbrella\umbrella_bkp.exe (Iminent)
O4 - Startup: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3438887808-3780490940-1782055248-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45741D7D-8C6C-48E5-9E37-D729D5B459CC}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC2C1E82-C41A-4C02-A68C-D91BF5A0EBB3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6178BEA-00B2-4DA0-8444-52FBB445F204}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f0c5a6c-f259-11df-ad3c-001eec502328}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0c5a6c-f259-11df-ad3c-001eec502328}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Vertriebsportal.exe
O33 - MountPoints2\{f2f7b056-7f95-11dd-a024-8cf8afea5608}\Shell - "" = AutoRun
O33 - MountPoints2\{f2f7b056-7f95-11dd-a024-8cf8afea5608}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.15 04:26:19 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rlofoa.dat
[2013.05.15 04:26:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.15 01:07:49 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.13 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dtp
[2013.05.09 20:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.09 20:43:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.09 20:43:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.09 20:43:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.02 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[2013.04.30 21:48:31 | 000,000,000 | ---D | C] -- C:\Users\LinNancyUwe\AppData\Local\TelevisionFanatic
[2013.04.30 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanatic
[2 C:\Users\LinNancyUwe\Documents\*.tmp files -> C:\Users\LinNancyUwe\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.16 21:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 21:10:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\aofolr.pad
[2013.05.16 20:49:50 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 20:49:50 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2013.05.16 20:49:46 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2013.05.16 20:49:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 20:49:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 18:20:04 | 000,344,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:48:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.15 16:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 04:52:15 | 000,002,634 | ---- | M] () -- C:\ProgramData\aofolr.js
[2013.05.15 04:26:19 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rlofoa.dat
[2013.05.15 04:26:19 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.15 01:08:01 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 01:08:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.15 01:07:50 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.11 20:52:39 | 000,135,168 | ---- | M] () -- C:\Users\LinNancyUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.08 07:13:22 | 000,019,074 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-08.hrf
[2013.05.03 21:38:35 | 000,018,275 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-03.hrf
[2013.05.02 22:03:18 | 000,000,663 | ---- | M] () -- C:\Users\LinNancyUwe\Desktop\FTDownloader.lnk
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.05.01 12:33:29 | 000,018,919 | ---- | M] () -- C:\Users\LinNancyUwe\2013-05-01.hrf
[2013.04.26 18:17:37 | 000,018,701 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-26.hrf
[2013.04.24 18:04:50 | 000,018,878 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-24.hrf
[2013.04.19 21:43:38 | 000,018,709 | ---- | M] () -- C:\Users\LinNancyUwe\2013-04-19.hrf
[2 C:\Users\LinNancyUwe\Documents\*.tmp files -> C:\Users\LinNancyUwe\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.15 04:52:03 | 000,002,634 | ---- | C] () -- C:\ProgramData\aofolr.js
[2013.05.15 04:26:28 | 095,023,320 | ---- | C] () -- C:\ProgramData\aofolr.pad
[2013.05.08 07:13:22 | 000,019,074 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-08.hrf
[2013.05.03 21:38:35 | 000,018,275 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-03.hrf
[2013.05.02 22:03:18 | 000,000,663 | ---- | C] () -- C:\Users\LinNancyUwe\Desktop\FTDownloader.lnk
[2013.05.01 12:33:29 | 000,018,919 | ---- | C] () -- C:\Users\LinNancyUwe\2013-05-01.hrf
[2013.04.26 18:17:37 | 000,018,701 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-26.hrf
[2013.04.24 18:04:50 | 000,018,878 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-24.hrf
[2013.04.19 21:43:38 | 000,018,709 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-19.hrf
[2013.04.16 17:24:06 | 000,018,709 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-16.hrf
[2013.04.13 09:25:36 | 000,018,684 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-13.hrf
[2013.04.09 19:06:53 | 000,018,688 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-09.hrf
[2013.04.05 19:00:17 | 000,018,865 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-05.hrf
[2013.04.02 17:59:43 | 000,018,867 | ---- | C] () -- C:\Users\LinNancyUwe\2013-04-02.hrf
[2013.03.29 08:52:06 | 000,018,690 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-29.hrf
[2013.03.26 17:46:05 | 000,018,688 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-26.hrf
[2013.03.24 13:50:56 | 000,018,687 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-24.hrf
[2013.03.23 11:27:59 | 000,018,867 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-23.hrf
[2013.03.20 05:28:29 | 000,018,652 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-20.hrf
[2013.03.15 22:18:48 | 000,018,136 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-15.hrf
[2013.03.12 18:33:44 | 000,018,132 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-12.hrf
[2013.03.11 05:28:18 | 001,008,496 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.03.11 05:28:18 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013.03.09 10:32:48 | 000,018,125 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-09.hrf
[2013.03.05 21:23:05 | 000,018,313 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-05.hrf
[2013.03.01 19:35:46 | 000,018,309 | ---- | C] () -- C:\Users\LinNancyUwe\2013-03-01.hrf
[2013.02.26 21:14:29 | 000,018,135 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-26.hrf
[2013.02.22 19:53:13 | 000,018,146 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-22.hrf
[2013.02.19 19:40:10 | 000,018,148 | ---- | C] () -- C:\Users\LinNancyUwe\2013-02-19.hrf
[2013.02.14 20:55:34 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013.02.07 05:39:25 | 000,948,708 | ---- | C] () -- C:\ProgramData\d7nCbVM.pad
[2012.09.29 10:58:27 | 000,178,710 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
[2012.09.29 10:58:27 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2012.05.20 21:36:19 | 000,000,000 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\MafiaSetup.exe
[2012.05.20 21:23:54 | 000,002,140 | ---- | C] () -- C:\Users\LinNancyUwe\steuernancy.elfo
[2012.05.20 21:22:35 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-05-04.hrf
[2012.05.20 21:22:35 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-24.hrf
[2012.05.20 21:22:35 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-27.hrf
[2012.05.20 21:22:35 | 000,015,608 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-09.hrf
[2012.05.20 21:22:35 | 000,015,604 | ---- | C] () -- C:\Users\LinNancyUwe\2012-05-02.hrf
[2012.05.20 21:22:35 | 000,015,600 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-02.hrf
[2012.05.20 21:22:35 | 000,015,598 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-13.hrf
[2012.05.20 21:22:35 | 000,015,597 | ---- | C] () -- C:\Users\LinNancyUwe\2012-04-17.hrf
[2012.05.20 21:22:35 | 000,015,596 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-26.hrf
[2012.05.20 21:22:35 | 000,015,581 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-23.hrf
[2012.05.20 21:22:35 | 000,000,020 | ---- | C] () -- C:\Users\LinNancyUwe\ho.dir
[2012.05.20 21:22:34 | 000,016,094 | ---- | C] () -- C:\Users\LinNancyUwe\2011-11-30.hrf
[2012.05.20 21:22:34 | 000,016,091 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-02.hrf
[2012.05.20 21:22:34 | 000,016,025 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-13.hrf
[2012.05.20 21:22:34 | 000,015,627 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-16.hrf
[2012.05.20 21:22:34 | 000,015,622 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-30.hrf
[2012.05.20 21:22:34 | 000,015,622 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-27.hrf
[2012.05.20 21:22:34 | 000,015,621 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-06.hrf
[2012.05.20 21:22:34 | 000,015,619 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-23.hrf
[2012.05.20 21:22:34 | 000,015,618 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-20.hrf
[2012.05.20 21:22:34 | 000,015,615 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-10.hrf
[2012.05.20 21:22:34 | 000,015,613 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-10.hrf
[2012.05.20 21:22:34 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-13.hrf
[2012.05.20 21:22:34 | 000,015,611 | ---- | C] () -- C:\Users\LinNancyUwe\2011-12-12.hrf
[2012.05.20 21:22:34 | 000,015,608 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-17.hrf
[2012.05.20 21:22:34 | 000,015,604 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-03.hrf
[2012.05.20 21:22:34 | 000,015,602 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-31.hrf
[2012.05.20 21:22:34 | 000,015,600 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-03.hrf
[2012.05.20 21:22:34 | 000,015,599 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-27.hrf
[2012.05.20 21:22:34 | 000,015,595 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-20.hrf
[2012.05.20 21:22:34 | 000,015,593 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-06.hrf
[2012.05.20 21:22:34 | 000,015,590 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-07.hrf
[2012.05.20 21:22:34 | 000,015,590 | ---- | C] () -- C:\Users\LinNancyUwe\2012-01-23.hrf
[2012.05.20 21:22:34 | 000,015,581 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-05.hrf
[2012.05.20 21:22:34 | 000,015,580 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-16.hrf
[2012.05.20 21:22:34 | 000,015,578 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-19.hrf
[2012.05.20 21:22:34 | 000,015,578 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-12.hrf
[2012.05.20 21:22:34 | 000,015,573 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-20.hrf
[2012.05.20 21:22:34 | 000,015,572 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-02.hrf
[2012.05.20 21:22:34 | 000,015,571 | ---- | C] () -- C:\Users\LinNancyUwe\2012-03-09.hrf
[2012.05.20 21:22:34 | 000,015,571 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-28.hrf
[2012.05.20 21:22:34 | 000,015,559 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-25.hrf
[2012.05.20 21:22:34 | 000,015,154 | ---- | C] () -- C:\Users\LinNancyUwe\2011-10-31.hrf
[2012.05.20 21:22:34 | 000,014,965 | ---- | C] () -- C:\Users\LinNancyUwe\2012-02-10.hrf
[2012.04.29 21:46:47 | 000,577,536 | ---- | C] () -- C:\Windows\System32\ChilkatCsv.dll
[2011.11.14 21:46:50 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sdl.dll
[2011.09.28 20:51:47 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.02.07 23:18:59 | 000,001,356 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\d3d9caps.dat
[2009.09.28 14:19:38 | 000,004,096 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\locked-keyfile3.drm.dfgq
[2008.09.27 14:21:28 | 000,000,310 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\wklnhst.dat
[2008.09.23 06:10:35 | 000,001,105 | ---- | C] () -- C:\Users\LinNancyUwe\Recent - Verknüpfung.lnk
[2008.09.17 19:36:03 | 000,135,168 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002.08.13 17:04:12 | 000,217,088 | ---- | C] () -- C:\Users\LinNancyUwe\AppData\Roaming\locked-MafiaSetup.exe.nvfp

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3438887808-3780490940-1782055248-1000\$d8b5e6c5668795ced4d988d967e866f1\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.05.20 21:37:28 | 000,000,000 | -HSD | M] -- C:\Users\LinNancyUwe\AppData\Roaming\.#
[2011.07.28 05:01:53 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\1&1 Mail & Media GmbH
[2012.05.20 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Acer GameZone Console
[2012.11.06 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Alawar Stargaze
[2013.02.22 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Ashampoo
[2009.10.28 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Awem
[2013.02.10 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Babylon
[2008.09.29 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Big Fish Games
[2009.03.08 21:16:02 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Buhl Data Service
[2013.03.26 22:11:19 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\calibre
[2013.03.12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Canneverbe Limited
[2011.08.10 08:29:27 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\DAEMON Tools Lite
[2013.02.10 19:12:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Delta
[2010.12.29 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\DTgrafic
[2010.03.27 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\elsterformular
[2012.12.17 21:26:22 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Enlightenus2SE_BFG
[2012.11.06 08:01:15 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Espow
[2008.09.14 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\FloodLightGames
[2012.05.20 21:37:26 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\FRITZ!
[2011.02.20 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\GetRightToGo
[2012.05.20 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\gsak
[2012.05.20 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\GTM_Bodie
[2009.10.27 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\HdO Adventure
[2012.10.15 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Hovut
[2013.02.10 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Iminent
[2013.03.03 12:07:52 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\IsolatedStorage
[2010.12.18 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Local
[2013.02.16 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Lonely Troops
[2010.12.20 16:29:03 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\map&guide
[2012.12.28 14:24:29 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Merscom
[2011.08.12 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\My Games
[2012.11.08 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Old Castle
[2010.12.18 17:17:23 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Opera
[2012.05.20 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\phonostar-Player
[2012.12.30 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\PopCapv1006
[2009.10.30 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Princess Isabella
[2012.05.20 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\RobinsonCrusoeCER
[2013.02.10 14:47:28 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Systweak
[2010.12.14 21:52:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\T-Online
[2013.03.28 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TeamViewer
[2008.09.27 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Template
[2011.08.17 20:43:26 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TitanicMystery
[2010.05.02 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\TomTom
[2012.05.05 16:29:31 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Txan
[2011.02.12 09:23:21 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\uniblue
[2011.09.19 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\VistaCodecs
[2012.10.22 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Ydyn
[2009.10.23 21:17:49 | 000,000,000 | ---D | M] -- C:\Users\LinNancyUwe\AppData\Roaming\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >

Hallo und :hallo:

Funktioniert dieser abgesicherte Modus uneingeschärnkt, d.h. auch mit Internetverbindung?

Hm, was ist denn das? Kennst du das Programm Vertriebsportal.exe?

Guten Morgen,

Danke für die schnelle Antwort.

Im abgesicherten Modus funktioniert alles einwandfrei. Da gibt keinerlei Probleme.

Die Liese.

Bitte die andere Frage auch beantworten, danke

Hallo,

Vertriebsportal sagt mir überhaupt nix.

Beste Grüße

Die Liese

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
im Anhang findest Du die Log.txt.

Die Liese.

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

• Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
• Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
• Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
• Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
  
  Code:

  ---

  File::
c:\programdata\aofolr.js
c:\users\LinNancyUwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

  ---

  Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
• Speichere dies als CFScript.txt auf deinem Desktop.
• Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
  Danach wieder anstellen nicht vergessen!
• Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
• Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  
  
• Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
• Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
  Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!