
Log analysis and evaluation: GVU Ransom/Trojaner v2.07 (Win7 64)


24.07.2012, 18:36   #1
Steiner1
 
GVU Ransom/Trojaner v2.07 (Win7 64)

Hello Trojaner-Board,

This year I caught the GVU Ransom v2.07, which shows me only the well-known Ukash screensaver instead of my desktop.

I have already removed previous versions of this nuisance a few times on a VM using Regedit and deleting files, but this one is a mystery to me. I wouldn't even really know where to start fixing it, so I'll leave it alone.

The cause of infection was probably the outdated Adobe Flash Player, whose auto-update I must have stopped at some point in a moment of mental derangement.

Furthermore, I noticed 2 hidden "desktop.ini" files with the following content (they weren't there yesterday):
Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
It would be great if someone could write me an OTL fix (if that's even possible).

I have attached the MBAM and OTL logs from Safe Mode.
However, OTL refuses to generate the Extras.txt; if anyone knows a remedy, I will submit the file later.

Thanks in advance.

Regards,

Steiner

MbAm
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.27.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7601.17514
Oberst Steiner :: GALGENVOGEL [Administrator]

24.07.2012 18:35:29
mbam-log-2012-07-24 (18-35-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 349129
Laufzeit: 25 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL.txt

Code:
OTL logfile created on: 24.07.2012 19:25:27 - Run 3
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Oberst Steiner\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,85 Gb Available Physical Memory | 81,03% Memory free
11,98 Gb Paging File | 11,00 Gb Available in Paging File | 91,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,90 Gb Total Space | 1,44 Gb Free Space | 3,60% Space Free | Partition Type: NTFS
Drive F: | 661,51 Gb Total Space | 73,75 Gb Free Space | 11,15% Space Free | Partition Type: NTFS
Drive G: | 979,23 Mb Total Space | 813,34 Mb Free Space | 83,06% Space Free | Partition Type: FAT
Drive I: | 30,00 Gb Total Space | 8,84 Gb Free Space | 29,48% Space Free | Partition Type: NTFS
Drive J: | 200,00 Gb Total Space | 13,11 Gb Free Space | 6,56% Space Free | Partition Type: NTFS
 
Computer Name: GALGENVOGEL | User Name: Oberst Steiner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 17:16:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Oberst Steiner\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.06.11 10:50:12 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.08 22:43:07 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.23 14:05:01 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.30 13:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.19 22:23:38 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- I:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- I:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.01 12:11:20 | 000,158,208 | ---- | M] (NVIDIA) [Auto | Stopped] -- I:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.20 09:26:23 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.05.30 13:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.08.19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.08.19 10:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.04.27 00:01:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.04.27 00:01:56 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.09.28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.09.22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009.12.03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.07.23 10:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007.03.20 12:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.11.22 20:36:38 | 000,013,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\Programme\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2011.08.22 23:14:59 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\Programme\RivaTuner\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.01 12:08:28 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | Auto | Stopped] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 38 76 3E 39 51 CD 01  [binary data]
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.http: "66.199.235.172"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: \NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.17 08:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: I:\Programme\Mozilla Firefox\components [2012.07.19 10:16:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: I:\Programme\Mozilla Firefox\plugins [2012.07.18 12:49:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: I:\Programme\Mozilla Firefox\components [2012.07.19 10:16:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: I:\Programme\Mozilla Firefox\plugins [2012.07.18 12:49:12 | 000,000,000 | ---D | M]
 
[2010.10.10 02:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oberst Steiner\AppData\Roaming\mozilla\Extensions
[2012.07.10 11:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oberst Steiner\AppData\Roaming\mozilla\Firefox\Profiles\asq9gdnf.default\extensions
[2012.07.10 11:25:00 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Oberst Steiner\AppData\Roaming\mozilla\Firefox\Profiles\asq9gdnf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.01.02 22:38:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Oberst Steiner\AppData\Roaming\mozilla\Firefox\Profiles\asq9gdnf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 13:11:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Oberst Steiner\AppData\Roaming\mozilla\Firefox\Profiles\asq9gdnf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.22 08:25:27 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Oberst Steiner\AppData\Roaming\mozilla\Firefox\Profiles\asq9gdnf.default\extensions\foxyproxy@eric.h.jung
[2012.01.01 22:54:56 | 000,074,526 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\{11483926-DB67-4190-91B1-EF20FCEC5F33}.XPI
[2012.04.23 12:14:32 | 000,013,648 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\{16466865-007F-4CE4-AEB5-A0AA8B34C61A}.XPI
[2012.06.23 10:09:29 | 000,210,420 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\{71BFCCE7-421D-4042-95D4-A585A821CBCA}.XPI
[2012.06.04 09:01:32 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2012.06.29 16:26:27 | 000,082,787 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012.02.26 22:43:06 | 000,008,503 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\LONGURLPLEASE@DARRAGH.CURRAN.XPI
[2012.01.01 22:54:56 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012.05.20 20:40:13 | 000,010,013 | ---- | M] () (No name found) -- C:\USERS\OBERST STEINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASQ9GDNF.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
 
O1 HOSTS File: ([2012.06.27 21:16:07 | 000,442,922 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15215 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A338F371-21A1-4068-96AC-DF38C8902A63}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A338F371-21A1-4068-96AC-DF38C8902A63}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000 Winlogon: Shell - (C:\Users\Oberst Steiner\AppData\Roaming\msconfig.dat) - C:\Users\Oberst Steiner\AppData\Roaming\msconfig.dat ()
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7046c719-019f-11e1-ac35-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7046c719-019f-11e1-ac35-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe
O33 - MountPoints2\{93c26abd-d980-11e0-b5d9-485b39187762}\Shell - "" = AutoRun
O33 - MountPoints2\{93c26abd-d980-11e0-b5d9-485b39187762}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{b9f6c4fd-d40e-11df-b889-485b39187762}\Shell - "" = AutoRun
O33 - MountPoints2\{b9f6c4fd-d40e-11df-b889-485b39187762}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{b9f6c4fe-d40e-11df-b889-485b39187762}\Shell - "" = AutoRun
O33 - MountPoints2\{b9f6c4fe-d40e-11df-b889-485b39187762}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{cbbb81a0-d4b2-11e1-beeb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cbbb81a0-d4b2-11e1-beeb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 17:17:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Oberst Steiner\Desktop\OTL.exe
[2012.07.24 02:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.07.24 02:30:34 | 014,259,736 | ---- | C] (DT Soft Ltd) -- C:\Users\Oberst Steiner\Desktop\DTLite4454-0314.exe
[2012.07.18 20:50:19 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\Desktop\peezza
[2012.07.18 12:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSP Module Player for Winamp
[2012.07.18 12:49:12 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.07.18 12:49:02 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\Winamp
[2012.07.18 12:41:53 | 013,092,648 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Oberst Steiner\Desktop\winamp563_full_emusic-7plus_de-de.exe
[2012.07.17 10:27:12 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\Desktop\gärtner
[2012.07.07 00:12:07 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\Image-Line
[2012.07.05 18:18:31 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012.07.05 18:06:46 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012.07.05 18:06:41 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\Documents\Image-Line
[2012.07.05 18:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012.07.05 18:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012.07.05 18:06:17 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012.07.05 18:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012.07.03 13:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.03 13:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2012.06.28 01:32:14 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\Desktop\röwer
[2012.06.27 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\Malwarebytes
[2012.06.27 21:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.27 21:16:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 21:10:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Oberst Steiner\Desktop\malwarebytes_antimalware_1.61.exe
[2012.06.26 02:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.06.26 02:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.06.26 02:08:01 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\InstallShield
[2012.06.25 05:25:44 | 000,000,000 | ---D | C] -- C:\Users\Oberst Steiner\AppData\Roaming\Help
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 18:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 18:23:46 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 17:38:40 | 000,000,045 | ---- | M] () -- C:\Users\Oberst Steiner\AppData\Roaming\msconfig.ini
[2012.07.24 17:38:36 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.24 17:16:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Oberst Steiner\Desktop\OTL.exe
[2012.07.24 16:04:47 | 000,030,784 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\cc_20120724_160441.reg
[2012.07.24 14:19:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.24 02:33:53 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.07.24 02:31:41 | 014,259,736 | ---- | M] (DT Soft Ltd) -- C:\Users\Oberst Steiner\Desktop\DTLite4454-0314.exe
[2012.07.23 19:30:02 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.23 19:30:02 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.23 02:27:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.22 04:55:42 | 000,061,839 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\101.jpg
[2012.07.18 12:53:34 | 000,505,760 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\WSP_for_Winamp.exe
[2012.07.18 12:49:13 | 000,000,651 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.07.18 12:43:13 | 013,092,648 | ---- | M] (Nullsoft, Inc.) -- C:\Users\Oberst Steiner\Desktop\winamp563_full_emusic-7plus_de-de.exe
[2012.07.15 17:21:51 | 000,017,726 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\Ausbildung Gärtner 3.odt
[2012.07.15 17:18:14 | 000,017,699 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\Ausbildung Gärtner 2.odt
[2012.07.13 16:07:07 | 005,265,929 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\50N0_TD0C.7z
[2012.07.12 11:45:00 | 000,296,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 22:43:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.08 22:01:22 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.08 14:19:03 | 000,000,848 | ---- | M] () -- C:\Users\Oberst Steiner\.recently-used.xbel
[2012.07.05 18:18:31 | 000,000,752 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012.07.05 18:06:45 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012.07.05 17:56:29 | 000,650,657 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\lame3.99.5.zip
[2012.07.05 17:51:35 | 001,174,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 17:51:35 | 000,829,440 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 17:51:35 | 000,304,700 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 17:51:35 | 000,258,088 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 17:51:35 | 000,006,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 00:41:36 | 000,017,164 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\VerticalRedstone.zip
[2012.07.04 18:03:03 | 001,581,077 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\mcpatcher-2.3.7_02.exe
[2012.07.03 13:55:04 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.07.02 23:35:37 | 000,003,483 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\Police (The) - Message In A Bottle.zip
[2012.07.02 22:30:11 | 000,009,684 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\Simon and Garfunkel - El Condor Pasa v1.gp4
[2012.07.02 22:28:14 | 000,011,855 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\misc_traditional_el_condor_pasa.gp3
[2012.07.02 00:17:34 | 000,103,347 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\ModLoader.zip
[2012.07.02 00:15:59 | 000,848,389 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\BTWMod3-72b.zip
[2012.06.27 21:16:07 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.27 21:12:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Oberst Steiner\Desktop\malwarebytes_antimalware_1.61.exe
[2012.06.26 02:08:44 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
[2012.06.25 16:01:12 | 000,047,374 | ---- | M] () -- C:\Users\Oberst Steiner\Desktop\quransmoking.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.24 16:04:43 | 000,030,784 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\cc_20120724_160441.reg
[2012.07.24 14:44:05 | 000,000,045 | ---- | C] () -- C:\Users\Oberst Steiner\AppData\Roaming\msconfig.ini
[2012.07.24 02:46:51 | 011,168,714 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\DR2.CRACK.rar
[2012.07.24 02:33:53 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.07.22 04:55:37 | 000,061,839 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\101.jpg
[2012.07.18 12:53:33 | 000,505,760 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\WSP_for_Winamp.exe
[2012.07.18 12:49:13 | 000,000,651 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.07.15 17:21:49 | 000,017,726 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\Ausbildung Gärtner 3.odt
[2012.07.15 17:18:12 | 000,017,699 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\Ausbildung Gärtner 2.odt
[2012.07.13 16:06:52 | 005,265,929 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\50N0_TD0C.7z
[2012.07.08 22:24:36 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.08 14:19:03 | 000,000,848 | ---- | C] () -- C:\Users\Oberst Steiner\.recently-used.xbel
[2012.07.05 18:18:31 | 000,000,752 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012.07.05 18:06:46 | 000,000,669 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012.07.05 17:56:27 | 000,650,657 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\lame3.99.5.zip
[2012.07.05 00:41:35 | 000,017,164 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\VerticalRedstone.zip
[2012.07.04 18:03:01 | 001,581,077 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\mcpatcher-2.3.7_02.exe
[2012.07.03 13:55:04 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.07.02 23:35:36 | 000,003,483 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\Police (The) - Message In A Bottle.zip
[2012.07.02 22:30:10 | 000,009,684 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\Simon and Garfunkel - El Condor Pasa v1.gp4
[2012.07.02 22:28:13 | 000,011,855 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\misc_traditional_el_condor_pasa.gp3
[2012.07.02 00:17:34 | 000,103,347 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\ModLoader.zip
[2012.07.02 00:15:57 | 000,848,389 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\BTWMod3-72b.zip
[2012.06.26 02:08:44 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
[2012.06.25 16:01:11 | 000,047,374 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\quransmoking.jpg
[2012.06.24 02:06:54 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.24 02:06:53 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.24 23:45:04 | 000,088,981 | ---- | C] () -- C:\Users\Oberst Steiner\AppData\Roaming\icarus-dxdiag.xml
[2012.01.11 07:30:19 | 000,101,888 | ---- | C] () -- C:\Users\Oberst Steiner\AppData\Roaming\msconfig.dat
[2011.12.03 16:23:38 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011.12.02 18:52:14 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.22 00:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.15 23:50:47 | 000,000,876 | ---- | C] () -- C:\Users\Oberst Steiner\Eigene Videos - Verknüpfung.lnk
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.08.14 17:28:45 | 000,000,310 | ---- | C] () -- C:\Windows\game.ini
[2011.07.19 18:01:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.07.19 18:01:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.07.19 18:01:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.31 21:39:55 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.12.21 10:48:24 | 002,968,064 | ---- | C] () -- C:\Windows\es.exe
[2010.12.05 00:02:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.05 00:02:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.05 00:02:45 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.05 00:02:45 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.05 00:02:45 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.11.29 00:58:17 | 000,004,625 | ---- | C] () -- C:\Users\Oberst Steiner\AppData\Local\springsettings.cfg
[2010.10.18 00:15:48 | 000,000,102 | ---- | C] () -- C:\Users\Oberst Steiner\AppData\Local\fusioncache.dat
[2010.10.18 00:14:43 | 001,820,658 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.10 02:56:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2012.07.23 22:29:05 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\.minecraft
[2012.02.14 00:31:12 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Atari
[2011.12.03 23:04:54 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\BitTorrent
[2011.08.14 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\bizarre creations
[2010.12.25 02:42:45 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\ChaosPro
[2010.12.25 02:45:45 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\ChaosPro 4.0
[2012.06.19 09:05:28 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\CPUControl
[2012.06.06 12:35:20 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\CrystalIdea Software
[2012.07.24 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\DAEMON Tools Lite
[2011.10.31 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Day 1 Studios
[2011.01.02 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.03 19:45:07 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\EVEMon
[2012.06.03 00:46:47 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\gtk-2.0
[2010.10.24 00:18:03 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Guitar Pro 6
[2012.06.26 17:05:21 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\ICQ
[2011.12.02 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Ideazon
[2012.07.07 00:12:07 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Image-Line
[2011.09.07 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Kalypso Media
[2011.02.02 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Leadertech
[2012.01.23 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\LolClient
[2010.11.09 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Meine Traffic
[2011.05.07 06:39:24 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\minecraftbackup
[2011.06.01 12:46:28 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Mount&Blade With Fire and Sword
[2011.02.23 10:42:36 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Notepad++
[2010.11.17 23:24:25 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\OpenOffice.org
[2011.11.30 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Origin
[2011.02.18 07:09:27 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\PhotoFiltre
[2012.04.24 00:41:20 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\PlayFirst
[2012.02.14 08:08:42 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\PunkBuster
[2012.04.15 17:31:18 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Sierra
[2012.04.06 02:12:59 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Sierra Entertainment
[2011.11.14 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Sinvise Systems
[2010.11.29 00:41:56 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\springlobby
[2010.11.29 00:46:14 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\springlobby_updater
[2010.11.29 00:58:17 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\springsettings
[2011.08.12 20:06:08 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\TeamViewer
[2011.07.13 01:56:48 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\TerrariaWorldViewer
[2012.04.07 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Tropico 4
[2012.04.24 03:20:31 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Tunngle
[2010.10.18 00:17:05 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Turbine
[2012.02.05 19:34:39 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Ubisoft
[2011.04.14 09:27:46 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Ultra Fractal 5
[2012.07.24 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Oberst Steiner\AppData\Roaming\Windows
[2012.07.12 11:45:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Last edited by Steiner1 (24.07.2012 at 18:48)

25.07.2012, 01:47   #2
t'john
/// Helper Team

Fix with OTL

Download OTL from OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.6 
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..network.proxy.http: "66.199.235.172" 
FF - prefs.js..network.proxy.http_port: 8080 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.type: 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found 
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: \NGM\npNxGameUS.dll File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [] File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000 Winlogon: Shell - (C:\Users\Oberst Steiner\AppData\Roaming\msconfig.dat) - C:\Users\Oberst Steiner\AppData\Roaming\msconfig.dat () 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O31 - SafeBoot: UseAlternatShell - 1 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{7046c719-019f-11e1-ac35-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{7046c719-019f-11e1-ac35-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe 
O33 - MountPoints2\{93c26abd-d980-11e0-b5d9-485b39187762}\Shell - "" = AutoRun 
O33 - MountPoints2\{93c26abd-d980-11e0-b5d9-485b39187762}\Shell\AutoRun\command - "" = H:\SETUP.EXE 
O33 - MountPoints2\{b9f6c4fd-d40e-11df-b889-485b39187762}\Shell - "" = AutoRun 
O33 - MountPoints2\{b9f6c4fd-d40e-11df-b889-485b39187762}\Shell\AutoRun\command - "" = E:\setup.exe 
O33 - MountPoints2\{b9f6c4fe-d40e-11df-b889-485b39187762}\Shell - "" = AutoRun 
O33 - MountPoints2\{b9f6c4fe-d40e-11df-b889-485b39187762}\Shell\AutoRun\command - "" = G:\Setup.exe 
O33 - MountPoints2\{cbbb81a0-d4b2-11e1-beeb-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{cbbb81a0-d4b2-11e1-beeb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe 
[2012.07.04 18:03:01 | 001,581,077 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\mcpatcher-2.3.7_02.exe
[2012.07.24 02:46:51 | 011,168,714 | ---- | C] () -- C:\Users\Oberst Steiner\Desktop\DR2.CRACK.rar
:Files
C:\Windows\KHALMNPR.Exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances run it on other computers; it can cause lasting damage to other systems!
__________________

__________________
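The lines the fix script above removes are the indicator classes a helper reads out of an OTL report: the per-user Winlogon Shell value pointing at msconfig.dat under AppData\Roaming (the lock screen itself), the Firefox proxy preferences, the Explorer/System policies that pin the desktop, and the cached AutoRun commands. The following Python script is an added example; it is not part of this thread and not an OldTimer tool. It parses a constructed subset of the OTL lines posted above and returns structured findings, so the same triage can be repeated over any OTL report. The severity scale, the finding codes and the selection of policy names are this example's own assumptions.

```python
"""Triage helper for OTL report lines (added example, not an OldTimer tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the OTL lines posted in this thread.
SAMPLE_OTL_LINES = r"""
O20 - HKU\S-1-5-21-2511048815-3308917260-3651149802-1000 Winlogon: Shell - (C:\Users\Oberst Steiner\AppData\Roaming\msconfig.dat) - C:\Users\Oberst Steiner\AppData\Roaming\msconfig.dat ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
FF - prefs.js..network.proxy.http: "66.199.235.172"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b9f6c4fd-d40e-11df-b889-485b39187762}\Shell\AutoRun\command - "" = E:\setup.exe
O35 - HKLM\..exefile [open] -- "%1" %*
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low" (scale is this example's assumption)
    code: str
    detail: str
    line: str


# Real Explorer/System policy values that lock screens use to pin the desktop;
# which ones to flag is this example's choice.
LOCKDOWN_POLICIES = {"NoActiveDesktop", "NoActiveDesktopChanges",
                     "PromptOnSecureDesktop", "DisableTaskMgr", "DisableRegistryTools"}

RE_SHELL = re.compile(r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.*?)\) - ")
RE_PROXY_HOST = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.http: "(?P<host>[^"]+)"')
RE_PROXY_TYPE = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.type: (?P<type>\d+)")
RE_POLICY = re.compile(r"^O6 - HK\S+\\policies\\(?:Explorer|System): (?P<name>\w+) = (?P<val>\S+)")
RE_SAFEBOOT = re.compile(r"^O31 - SafeBoot: UseAlternate?Shell - (?P<val>\d)")
RE_CDROM = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<val>\d)")
RE_MOUNT = re.compile(r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')


def triage(report: str) -> List[Finding]:
    """Return one Finding per suspicious indicator in an OTL report."""
    findings: List[Finding] = []
    proxy_host: Optional[str] = None
    proxy_type: Optional[int] = None
    proxy_line = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_SHELL.match(line)
        if m:
            value = m.group("value").strip()
            # Only explorer.exe belongs here; a data file under AppData is the lock screen.
            if value.lower() != "explorer.exe":
                findings.append(Finding("high", "winlogon-shell",
                                        f"{m.group('hive')}: Shell replaced by {value}", line))
            continue
        m = RE_PROXY_HOST.match(line)
        if m:
            proxy_host, proxy_line = m.group("host"), line
            continue
        m = RE_PROXY_TYPE.match(line)
        if m:
            proxy_type = int(m.group("type"))
            continue
        m = RE_POLICY.match(line)
        if m and m.group("name") in LOCKDOWN_POLICIES:
            findings.append(Finding("medium", "lockdown-policy",
                                    f"{m.group('name')} = {m.group('val')}", line))
            continue
        m = RE_SAFEBOOT.match(line)
        if m and m.group("val") == "1":
            # Also set by "Safe Mode with Command Prompt": worth a look, not proof of tampering.
            findings.append(Finding("low", "safeboot-alternate-shell",
                                    "Safe Mode configured to use AlternateShell", line))
            continue
        m = RE_CDROM.match(line)
        if m and m.group("val") == "1":
            findings.append(Finding("medium", "cdrom-autorun", "CD-ROM AutoRun enabled", line))
            continue
        m = RE_MOUNT.match(line)
        if m:
            findings.append(Finding("medium", "autorun-mountpoint",
                                    f"cached AutoRun command {m.group('cmd')}", line))
    if proxy_host is not None:
        # network.proxy.type 0 means "no proxy": the host is configured but not in use.
        active = proxy_type not in (None, 0)
        state = "active" if active else "configured but disabled"
        findings.append(Finding("high" if active else "medium", "firefox-proxy",
                                f"HTTP proxy {proxy_host} ({state})", proxy_line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity:>6}] {f.code}: {f.detail}")
```

Run it against a full OTL.txt by reading the file and passing its text to triage(); the winlogon-shell finding is the one that reproduces the lock screen at every logon, the proxy finding shows whether the browser's traffic is currently being redirected (type 0 in this thread's log means the configured host is not in use), and the policy and AutoRun findings are the lower-priority cleanup items the fix script also covers.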

08.08.2012, 03:22   #3
t'john
/// Helper Team

No response

Are you having problems working through the instructions above?

To free up capacity for other people seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.