GVU trojan on PC (Win7 Ultimate)
Hello Trojaner-Board team,
Unfortunately I caught the GVU trojan on my PC. I then booted the PC from the OTLPE CD and scanned it. I am posting the OTL.Txt here.
Code:
OTL logfile created on: 9/5/2013 6:16:35 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 74.15 Mb Free Space | 74.16% Space Free | Partition Type: NTFS
Drive E: | 465.66 Gb Total Space | 299.82 Gb Free Space | 64.39% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/08/21 04:54:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/18 03:27:20 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto] -- E:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/06/28 08:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto] -- E:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 03:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/07 04:54:58 | 001,156,400 | ---- | M] () [Auto] -- E:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/01/29 09:28:32 | 000,188,760 | ---- | M] () [Auto] -- E:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV - [2012/08/04 11:10:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/03 00:16:58 | 000,172,032 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) [Auto] -- E:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/05/23 08:58:22 | 000,098,984 | ---- | M] () [Auto] -- E:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2007/03/06 04:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto] -- E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] -- -- (Synth3dVsc)
DRV - File not found [Kernel | Auto] -- -- (Ca1528av)
DRV - File not found [Kernel | On_Demand] -- -- (Bulk1528)
DRV - [2013/08/18 03:27:22 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System] -- E:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/14 12:19:17 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/14 11:41:15 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- E:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/02/03 00:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/02/03 00:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/02/02 23:23:42 | 000,150,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/01/28 10:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/18 12:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/05/09 15:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 15:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 15:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2004/08/13 10:38:18 | 000,140,544 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2004/08/13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Timur_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\Timur_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Timur_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Timur_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Timur_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 1E A3 66 A3 F9 CA 01 [binary data]
IE - HKU\Timur_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Timur_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: E:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: E:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/03/04 13:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/18 03:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/03/04 13:19:34 | 000,000,000 | ---D | M]
[2012/08/29 09:35:22 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - E:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - E:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - E:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - E:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] E:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [lxduamon] E:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] E:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] E:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\Timur_ON_E..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Timur_ON_E..\Run: [EADM] E:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\Timur_ON_E..\Run: [IExplorer Util] E:\Users\Timur\AppData\Roaming\ie_util.exe (The OpenSSL Project, hxxp://www.openssl.org/)
O4 - HKU\Timur_ON_E..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Users\Timur\AppData\Local\Temp\xqynfrnkpkahourow.exe (Valve Corporation)
O4 - HKU\Timur_ON_E..\Run: [Userinit] File not found
O4 - HKU\Timur_ON_E..\Run: [Xiaxrokusy] E:\Users\Timur\AppData\Roaming\Nynucy\dysa.exe (The OpenSSL Project, hxxp://www.openssl.org/)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - E:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Timur_ON_E Winlogon: Shell - (cmd.exe) - E:\Windows\System32\cmd.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/09/03 16:55:06 | 000,000,000 | ---D | C] -- E:\Kaspersky Rescue Disk 10.0
[2013/09/02 09:50:36 | 000,367,332 | ---- | C] (hxxp://magiclauncher.com) -- E:\Users\Timur\Desktop\MagicLauncher_1.1.7.exe
[2013/08/14 05:38:49 | 002,706,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/08/14 05:38:48 | 002,877,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/08/14 05:38:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/08/14 05:38:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/08/14 05:38:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2013/08/14 05:38:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/08/14 05:38:46 | 000,493,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/08/14 05:38:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2013/08/14 05:38:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2013/08/14 05:38:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2013/08/14 05:38:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2013/08/14 04:05:03 | 003,968,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2013/08/14 04:05:03 | 003,913,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2013/08/14 04:05:00 | 001,620,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMVDECOD.DLL
[2013/08/14 04:04:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[2013/08/14 04:04:53 | 000,918,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorets.dll
[2013/07/27 03:16:10 | 000,067,072 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- E:\Users\Timur\AppData\Roaming\ie_util.exe
[2010/12/14 05:17:20 | 000,851,968 | ---- | C] ( ) -- E:\Windows\System32\lxduusb1.dll
[2010/12/14 05:17:20 | 000,438,272 | ---- | C] ( ) -- E:\Windows\System32\LXDUhcp.dll
[2010/12/14 05:17:20 | 000,364,544 | ---- | C] ( ) -- E:\Windows\System32\lxduinpa.dll
[2010/12/14 05:17:20 | 000,339,968 | ---- | C] ( ) -- E:\Windows\System32\lxduiesc.dll
[2010/12/14 05:17:19 | 001,069,056 | ---- | C] ( ) -- E:\Windows\System32\lxduserv.dll
[2010/12/14 05:17:19 | 000,651,264 | ---- | C] ( ) -- E:\Windows\System32\lxdupmui.dll
[2010/12/14 05:17:19 | 000,577,536 | ---- | C] ( ) -- E:\Windows\System32\lxdulmpm.dll
[2010/12/14 05:17:18 | 000,679,936 | ---- | C] ( ) -- E:\Windows\System32\lxduhbn3.dll
[2010/12/14 05:17:18 | 000,328,360 | ---- | C] ( ) -- E:\Windows\System32\lxduih.exe
[2010/12/14 05:17:16 | 000,765,952 | ---- | C] ( ) -- E:\Windows\System32\lxducomc.dll
[2010/12/14 05:17:16 | 000,594,600 | ---- | C] ( ) -- E:\Windows\System32\lxducoms.exe
[2010/12/14 05:17:16 | 000,376,832 | ---- | C] ( ) -- E:\Windows\System32\lxducomm.dll
[2010/12/14 05:17:16 | 000,369,320 | ---- | C] ( ) -- E:\Windows\System32\lxducfg.exe
[2 E:\Program Files\*.tmp files -> E:\Program Files\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Users\Timur\AppData\Roaming\*.tmp files -> E:\Users\Timur\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/05 11:01:38 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/09/05 11:01:04 | 000,001,096 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/05 10:54:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/05 10:46:13 | 000,014,192 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/05 10:46:13 | 000,014,192 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/05 10:42:18 | 000,654,150 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/09/05 10:42:18 | 000,616,032 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/09/05 10:42:18 | 000,106,412 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/09/05 10:42:17 | 000,130,022 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/09/05 10:38:07 | 000,001,092 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/05 10:38:07 | 000,000,350 | ---- | M] () -- E:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/09/05 10:37:55 | 1610,051,584 | -HS- | M] () -- E:\hiberfil.sys
[2013/09/03 02:20:17 | 000,393,549 | ---- | M] () -- E:\Users\Timur\AppData\Local\2433f433
[2013/09/03 02:20:17 | 000,393,532 | ---- | M] () -- E:\Users\Timur\AppData\Roaming\2433f433
[2013/09/03 02:20:17 | 000,393,500 | ---- | M] () -- E:\ProgramData\2433f433
[2013/09/02 09:50:36 | 000,367,332 | ---- | M] (hxxp://magiclauncher.com) -- E:\Users\Timur\Desktop\MagicLauncher_1.1.7.exe
[2013/09/01 07:52:01 | 000,001,022 | ---- | M] () -- E:\Windows\tasks\Google Software Updater.job
[2013/08/21 04:54:52 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/08/21 04:54:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/18 03:27:22 | 000,037,664 | ---- | M] (AVG Technologies) -- E:\Windows\System32\drivers\avgtpx86.sys
[2 E:\Program Files\*.tmp files -> E:\Program Files\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Users\Timur\AppData\Roaming\*.tmp files -> E:\Users\Timur\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/09/03 02:20:17 | 000,393,549 | ---- | C] () -- E:\Users\Timur\AppData\Local\2433f433
[2013/09/03 02:20:17 | 000,393,532 | ---- | C] () -- E:\Users\Timur\AppData\Roaming\2433f433
[2013/09/03 02:20:17 | 000,393,500 | ---- | C] () -- E:\ProgramData\2433f433
[2013/01/14 12:55:31 | 000,007,104 | ---- | C] () -- E:\Users\Timur\AppData\Roaming\BAcroIEHelpe250.dll.vir
[2012/11/29 10:15:16 | 000,703,117 | ---- | C] () -- E:\Users\Timur\AppData\Roaming\technic-launcher.jar
[2012/11/29 10:15:16 | 000,581,642 | ---- | C] () -- E:\Users\Timur\AppData\Roaming\technic-launcher.jar.bak
[2012/10/17 05:47:54 | 000,000,160 | ---- | C] () -- E:\Users\Timur\AppData\Roaming\blckdom.res
[2012/08/29 09:36:55 | 000,017,136 | ---- | C] () -- E:\Windows\System32\sasnative32.exe
[2012/08/29 09:35:36 | 001,156,400 | ---- | C] () -- E:\Windows\System32\dmwu.exe
[2012/08/29 09:35:36 | 000,027,136 | ---- | C] () -- E:\Windows\System32\ImHttpComm.dll
[2011/09/05 16:28:54 | 000,014,115 | ---- | C] () -- E:\Windows\twspmm.ini
[2011/05/22 08:41:07 | 000,080,896 | ---- | C] () -- E:\Windows\System32\RDVGHelper.exe
[2011/05/22 08:40:50 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2011/05/22 08:40:05 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2010/12/29 14:24:37 | 001,389,893 | ---- | C] () -- E:\Windows\Mall Tycoon 2 Deluxe Uninstaller.exe
[2010/12/14 05:22:34 | 000,360,448 | ---- | C] () -- E:\Windows\System32\lxducoin.dll
[2010/12/14 05:21:36 | 000,040,960 | ---- | C] () -- E:\Windows\System32\lxduvs.dll
[2010/12/14 05:20:39 | 001,036,288 | ---- | C] () -- E:\Windows\System32\lxdudrs.dll
[2010/12/14 05:20:39 | 000,081,920 | ---- | C] () -- E:\Windows\System32\lxducaps.dll
[2010/12/14 05:20:38 | 000,069,632 | ---- | C] () -- E:\Windows\System32\lxducnv4.dll
[2010/12/14 05:20:25 | 000,086,016 | ---- | C] () -- E:\Windows\System32\lxduoem.dll
[2010/12/14 05:20:25 | 000,045,056 | ---- | C] () -- E:\Windows\System32\LXDUPMON.DLL
[2010/12/14 05:20:25 | 000,032,768 | ---- | C] () -- E:\Windows\System32\LXDUFXPU.DLL
[2010/12/14 05:18:42 | 000,000,044 | ---- | C] () -- E:\Windows\System32\lxdurwrd.ini
[2010/12/14 05:17:21 | 000,389,120 | ---- | C] () -- E:\Windows\System32\LXDUinst.dll
[2010/12/14 05:17:17 | 000,208,896 | ---- | C] () -- E:\Windows\System32\lxdugrd.dll
[2010/10/28 10:36:38 | 000,000,000 | ---- | C] () -- E:\Users\Timur\AppData\Roaming\FileOut.cns
[2010/10/28 10:36:38 | 000,000,000 | ---- | C] () -- E:\Users\Timur\AppData\Roaming\FileIn.cns
[2010/05/14 11:40:57 | 000,110,592 | ---- | C] () -- E:\Windows\System32\AegisI5.exe
[2010/05/14 11:40:57 | 000,086,016 | ---- | C] () -- E:\Windows\System32\install2500USB.dll
[2010/05/14 11:40:57 | 000,045,056 | ---- | C] () -- E:\Windows\System32\DEDriverDLL.dll
[2010/05/14 11:40:57 | 000,036,864 | ---- | C] () -- E:\Windows\System32\WRLSetup.exe
[2010/05/14 11:40:57 | 000,032,768 | ---- | C] () -- E:\Windows\System32\SmartInstallCfg2.dll
[2010/05/14 11:40:57 | 000,028,672 | ---- | C] () -- E:\Windows\System32\CCS2500USB.exe
[2010/05/07 21:39:15 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2010/05/07 16:10:55 | 000,001,035 | ---- | C] () -- E:\Windows\System32\atipblag.dat
[2009/12/04 17:17:18 | 000,198,341 | ---- | C] () -- E:\Windows\System32\atiicdxx.dat
[2009/07/14 04:47:43 | 000,654,150 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,022 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,309,648 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,032 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,412 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/19 14:06:22 | 000,197,912 | ---- | C] () -- E:\Windows\System32\physxcudart_20.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- E:\Windows\System32\AgCPanelFrench.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2009/04/21 18:19:06 | 000,172,173 | ---- | C] () -- E:\Windows\System32\xlive.dll.cat
[2009/02/18 14:55:20 | 000,294,912 | ---- | C] () -- E:\Windows\System32\ATIODE.exe
[2009/02/03 17:52:02 | 000,045,056 | ---- | C] () -- E:\Windows\System32\ATIODCLI.exe
[2007/05/09 14:35:54 | 000,057,126 | ---- | C] () -- E:\Windows\System32\lvcoinst.ini
[2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- E:\Windows\System32\drivers\ASACPI.sys
========== LOP Check ==========
[2010/12/14 05:20:23 | 000,000,000 | ---D | M] -- E:\ProgramData\5600-6600 Series
[2010/05/07 15:45:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2013/06/29 02:40:28 | 000,000,000 | ---D | M] -- E:\ProgramData\AVG Secure Search
[2013/08/03 11:40:34 | 000,000,000 | ---D | M] -- E:\ProgramData\boost_interprocess
[2012/08/29 09:37:11 | 000,000,000 | -H-D | M] -- E:\ProgramData\Common Files
[2010/05/14 12:18:37 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2010/05/07 15:45:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2013/04/06 05:48:52 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2010/05/07 15:45:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/06/12 05:56:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Lx_cats
[2013/06/04 09:28:03 | 000,000,000 | ---D | M] -- E:\ProgramData\Origin
[2012/08/04 11:13:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Rosetta Stone
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/05/07 15:45:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2012/08/29 09:36:56 | 000,000,000 | ---D | M] -- E:\ProgramData\Systweak
[2010/05/15 12:35:02 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/07/28 14:15:30 | 000,000,000 | ---D | M] -- E:\ProgramData\Ulead Systems
[2010/05/07 15:45:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2011/08/16 14:28:12 | 000,000,000 | ---D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/09/05 10:38:07 | 000,000,350 | ---- | M] () -- E:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/06/25 10:01:30 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Thank you very much for your help!
BEST REGARDS.