Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner Laptop gesperrt

GVU Trojaner Laptop gesperrt


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Laptop gesperrt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 25.01.2013, 23:58   #1
Bastl112
 
GVU Trojaner Laptop gesperrt - Standard

GVU Trojaner Laptop gesperrt


Hallo liebes TB Team bei mir hat ebenfalls der GVU Trojaner zugeschlagen. :-(
Wenn ich meinen Laptop - ASUS pro 72series Winows Vista - starte erscheint kurz der normale Dektop und dann der bekannte Bildschirm der GVU Bundesamt für Sicherheit.... und nix geht mehr, auch kein Taskmanager.

Ich konnte mir nach dem stöbern in eurem Forum eine Boot-CD erstellen und Reatogo-x-pe starten. OTLPE-Scan ist durchgeführt, die OTL.txt hat es auch erstellt.

Code:
ATTFilter
OTL logfile created on: 1/25/2013 10:59:07 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 35.66 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
Drive D: | 116.44 Gb Total Space | 116.35 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 106.68 Gb Total Space | 55.96 Gb Free Space | 52.46% Space Free | Partition Type: NTFS
Drive F: | 116.44 Gb Total Space | 72.98 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
Drive G: | 1.90 Gb Total Space | 1.86 Gb Free Space | 98.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (RoxLiveShare9)
SRV - [2013/01/25 10:27:07 | 000,161,792 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Users\Bastl\AppData\Local\Temp\j2hXyhl.exe -- (Winmgmt)
SRV - [2013/01/22 16:39:10 | 000,945,328 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/09 12:41:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/04 14:43:42 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/01/04 14:43:08 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/01/04 14:42:59 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013/01/04 14:42:58 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/07/10 11:26:36 | 000,025,824 | ---- | M] (Memeo) [Auto] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/03/17 23:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/05/18 05:31:16 | 000,073,728 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006/04/17 23:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (RimUsb)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | Auto] --  -- (npf)
DRV - File not found [Kernel | On_Demand] --  -- (Ndisrd)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/01/22 16:39:11 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/01/04 14:44:05 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/01/04 14:44:05 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/01/04 14:44:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/01/04 14:44:04 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/13 07:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 07:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2009/07/01 17:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/05 15:20:19 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/28 10:48:45 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/06/24 18:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/09 03:45:07 | 001,748,352 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/06/03 01:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/29 13:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/02 00:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/20 23:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/18 09:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 09:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 09:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 09:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 09:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/08/10 23:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007/08/02 23:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/12/14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files\softonic-Germany\tbsoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Bastl_ON_C\Software\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bastl\Desktop
IE - HKU\Bastl_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\Bastl_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Bastl_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Bastl_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Bastl_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Bastl_ON_C\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files\softonic-Germany\tbsoft.dll (Conduit Ltd.)
IE - HKU\Bastl_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bastl_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/21 15:54:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/14 02:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/16 09:49:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/22 16:39:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/14 02:56:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.5.3\FF [2011/12/01 16:07:38 | 000,000,000 | ---D | M]
 
[2010/09/28 11:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.3\PriceGongIE.dll (PriceGong)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\Bastl_ON_C\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Bastl_ON_C\..\Toolbar\WebBrowser: (softonic-Germany Toolbar) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - C:\Program Files\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Bastl_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Bastl_ON_C..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Bastl_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Bastl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx (ORDcmViewCD Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.8.253.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{52269df2-09cf-11de-81bc-002354972c6f}\Shell - "" = AutoRun
O33 - MountPoints2\{52269df2-09cf-11de-81bc-002354972c6f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{643f472c-8fde-11df-aa0c-002243c57d09}\Shell - "" = AutoRun
O33 - MountPoints2\{643f472c-8fde-11df-aa0c-002243c57d09}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{d8fd5a59-24ee-11de-ae58-002354972c6f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ERIC-PC.vbs
O33 - MountPoints2\{efbc0ca3-48f4-11de-92b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{efbc0ca3-48f4-11de-92b5-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/23 18:44:00 | 000,000,000 | ---D | C] -- C:\Users\Bastl\Desktop\Musik 96. Fasching
[2013/01/22 16:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/01/09 16:53:16 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 16:52:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/04 14:57:09 | 000,000,000 | --SD | C] -- C:\Users\Bastl\Documents\Passwords Database
[2013/01/04 14:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/01/04 14:49:54 | 000,000,000 | ---D | C] -- C:\Users\Bastl\AppData\Local\AskToolbar
[2013/01/04 14:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013/01/04 14:49:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/01/04 14:49:13 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/01/04 14:49:13 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/01/04 14:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/01/04 14:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/06/03 01:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/25 15:19:38 | 095,023,320 | ---- | M] () -- C:\ProgramData\lhyXh2j.pad
[2013/01/25 15:19:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/25 15:17:37 | 000,441,444 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/01/25 15:14:41 | 000,441,444 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/01/25 15:14:16 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Bastl.job
[2013/01/25 15:14:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 15:14:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/25 15:14:09 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2013/01/25 15:14:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 15:14:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 10:27:11 | 000,003,201 | ---- | M] () -- C:\ProgramData\lhyXh2j.js
[2013/01/25 10:27:11 | 000,000,917 | ---- | M] () -- C:\Users\Bastl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/25 10:20:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 10:18:04 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013/01/24 18:27:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/24 17:44:03 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Bastl.job
[2013/01/24 17:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 17:14:37 | 008,752,728 | ---- | M] () -- C:\Users\Bastl\Desktop\Flo Rida   I Cry [Official Video].mp3
[2013/01/22 16:47:21 | 008,206,488 | ---- | M] () -- C:\Users\Bastl\Desktop\Linkin Park   Castle Of Glass [LyricsHD].mp3
[2013/01/22 16:41:55 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2013/01/22 16:41:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/01/22 16:39:11 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/01/22 14:41:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Bastl.job
[2013/01/16 17:48:41 | 000,000,680 | ---- | M] () -- C:\Users\Bastl\AppData\Local\d3d9caps.dat
[2013/01/15 16:25:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/13 18:16:29 | 000,134,656 | ---- | M] () -- C:\Users\Bastl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/13 18:16:27 | 434,208,563 | ---- | M] () -- C:\Users\Bastl\Desktop\ARD    DDR vereist   Einsatz an der Winterfront.wmv
[2013/01/11 17:38:44 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/01/10 17:32:32 | 000,446,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 18:25:16 | 000,679,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/09 18:25:16 | 000,645,858 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 18:25:16 | 000,122,866 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/09 18:25:15 | 000,145,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/09 12:41:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 12:41:44 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/04 14:50:14 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/01/04 14:50:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/01/04 14:44:05 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/01/04 14:44:05 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/01/04 14:44:05 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/01/04 14:44:04 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2013/01/25 10:27:11 | 000,003,201 | ---- | C] () -- C:\ProgramData\lhyXh2j.js
[2013/01/25 10:27:11 | 000,000,917 | ---- | C] () -- C:\Users\Bastl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/25 10:27:08 | 095,023,320 | ---- | C] () -- C:\ProgramData\lhyXh2j.pad
[2013/01/22 17:08:26 | 008,752,728 | ---- | C] () -- C:\Users\Bastl\Desktop\Flo Rida   I Cry [Official Video].mp3
[2013/01/22 16:47:11 | 008,206,488 | ---- | C] () -- C:\Users\Bastl\Desktop\Linkin Park   Castle Of Glass [LyricsHD].mp3
[2013/01/22 16:41:55 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2013/01/22 16:39:41 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/13 18:11:43 | 434,208,563 | ---- | C] () -- C:\Users\Bastl\Desktop\ARD    DDR vereist   Einsatz an der Winterfront.wmv
[2013/01/11 17:34:51 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Bastl.job
[2013/01/11 17:34:18 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Bastl.job
[2013/01/11 17:34:15 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Bastl.job
[2013/01/04 14:50:14 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/29 14:32:43 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012/04/08 12:20:24 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/01 16:38:02 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/27 13:38:20 | 000,000,000 | ---- | C] () -- C:\Users\Bastl\AppData\Local\{4E709E28-3B4B-493B-A283-03B4707D21DE}
[2011/07/17 13:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 13:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 13:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/07/14 02:42:51 | 000,233,509 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/04/09 07:24:18 | 000,233,398 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2011/04/09 07:24:18 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2010/09/01 14:44:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/03/31 18:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009/11/08 14:35:46 | 000,000,680 | ---- | C] () -- C:\Users\Bastl\AppData\Local\d3d9caps.dat
[2009/10/21 02:10:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 02:10:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/07 06:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009/05/09 12:52:55 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/05/09 12:52:55 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/05/09 12:52:55 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/05/09 12:52:55 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/05/09 12:52:55 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/05/09 12:52:55 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/05/09 12:52:55 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/05/09 12:52:55 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/05/09 12:52:55 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/05/09 12:52:55 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/05/09 12:52:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/05/09 12:52:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/05/09 12:52:55 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/05/09 12:52:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/05/09 12:52:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/05/09 12:52:55 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/05/09 12:52:55 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/05/09 12:52:55 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/05/09 12:52:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/05/09 12:51:49 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw7a.bin
[2009/05/09 12:51:39 | 000,000,027 | ---- | C] () -- C:\Windows\CDE V200DEFGIPSRUk.ini
[2008/12/28 11:48:02 | 000,134,656 | ---- | C] () -- C:\Users\Bastl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/26 06:18:46 | 000,441,444 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/26 06:18:46 | 000,441,444 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/27 21:48:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008/11/27 21:40:49 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008/11/27 20:07:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/27 19:21:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/08 17:48:20 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/07/29 20:33:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008/06/09 03:45:07 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/11 22:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/04/16 06:11:34 | 000,679,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/04/16 06:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/04/16 06:11:34 | 000,145,416 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/04/16 06:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/04/16 05:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/04/16 06:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,446,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,858 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,866 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 06:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/08 20:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 16:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011/07/17 13:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 13:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 13:49:08 | 000,000,000 | R--D | M] -- \SFX
[2012/12/16 18:41:30 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/08/07 14:29:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2009/01/12 16:16:02 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2009/11/26 18:17:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2012/11/08 13:33:10 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Secure Search
[2012/04/07 15:02:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/10/03 06:34:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011/01/16 09:01:26 | 000,000,000 | ---D | M] -- C:\ProgramData\DMU
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/05/12 14:50:04 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/11/16 12:52:17 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2009/01/20 06:04:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Lodgit
[2009/06/18 13:03:36 | 000,000,000 | ---D | M] -- C:\ProgramData\MemeoCommon
[2008/11/27 21:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2011/12/18 10:53:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/11/16 16:22:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2008/11/27 19:43:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/18 13:33:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUpMedia
[2009/04/14 14:46:03 | 000,000,000 | --SD | M] -- C:\ProgramData\WD
[2008/12/27 12:30:09 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/07/19 11:41:03 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/11/27 19:37:01 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2013/01/25 15:14:09 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2013/01/22 14:41:27 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Bastl.job
[2013/01/24 17:44:03 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Bastl.job
[2013/01/25 15:14:16 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Bastl.job
[2013/01/25 15:14:14 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
[2013/01/24 18:27:41 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
Ich hoffe ihr könnt mir helfen und bedanke mich schon mal im Voraus! Danke

 

Themen zu GVU Trojaner Laptop gesperrt
adware.yontoo, antivir, avg, avg secure search, avg security toolbar, avira searchfree toolbar, bho, bildschirm, browser, defender, desktop, error, firefox, flash player, format, hacktool.hiderun, helper, home, logfile, object, plug-in, pup.spyware.marketscore, realtek, registry, secure search, security, software, tarma, trojaner, vista, vtoolbarupdater, wscript.exe


« T-mobile mms mit Anhang foto_{symbol}.zip | GVU Trojaner - abgesicherter Modus nicht möglich - OTL Ergebnis vorhanden »


Ähnliche Themen: GVU Trojaner Laptop gesperrt


  1. GVU Trojaner - Start im abgesicherten Modus wird herunter gefahren - Laptop wird sofort gesperrt
    Log-Analyse und Auswertung - 20.07.2015 (13)
  2. Laptop von Brd Virus gesperrt
    Alles rund um Windows - 19.11.2014 (2)
  3. Windows XP Laptop gesperrt durch BKA Trojaner/ startet im abgesicherten Modus von alleine neu!
    Log-Analyse und Auswertung - 28.03.2014 (7)
  4. laptop gesperrt von Polizei
    Plagegeister aller Art und deren Bekämpfung - 05.09.2013 (5)
  5. laptop gesperrt von Polizei
    Mülltonne - 29.08.2013 (3)
  6. Laptop von BSI /GVU gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.07.2013 (1)
  7. GVU Trojaner... gesperrt auch im abgesichertem modus auf einen laptop
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (11)
  8. vermeintlicher GVU-Trojaner, Laptop gesperrt, 100€ innerhalb von 48
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (6)
  9. GVU-Trojaner, Laptop gesperrt bis ich 100€ zahle
    Plagegeister aller Art und deren Bekämpfung - 03.12.2012 (13)
  10. AKM Trojaner 100€; Laptop komplett gesperrt
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (2)
  11. GVU Trojaner hat nun auch meinen Laptop gesperrt
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (5)
  12. laptop gesperrt
    Log-Analyse und Auswertung - 06.10.2012 (14)
  13. GVU Trojaner - Laptop gesperrt
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (16)
  14. BKA Trojaner auf meinem Laptop "Ihr Computer wurde gesperrt" Benötige Hilfe
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (10)
  15. Laptop gesperrt, durch Trojaner im EmailAnhang
    Plagegeister aller Art und deren Bekämpfung - 17.05.2012 (1)
  16. AKM Virus, Laptop gesperrt
    Log-Analyse und Auswertung - 05.03.2012 (1)
  17. Laptop gesperrt durch Virus gesperrt. Zahlung von 50 Euro etc.
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner Laptop gesperrt - Hallo liebes TB Team bei mir hat ebenfalls der GVU Trojaner zugeschlagen. :-( Wenn ich meinen Laptop - ASUS pro 72series Winows Vista - starte erscheint kurz der normale Dektop - GVU Trojaner Laptop gesperrt...
Archiv
Du betrachtest: GVU Trojaner Laptop gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131