Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner (abgesicherter modus geht nicht)

GVU Trojaner (abgesicherter modus geht nicht)


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner (abgesicherter modus geht nicht)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 11.06.2013, 15:19   #1
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Hallo, habe gestern abend den gvu trojaner auf meinen pc bekommen...
laut dem yt video "GVU Trojaner Virus und BKA Trojaner entfernen 2013 ( Ohne Abgesicherten Modus )" von alex klen muss ich windows komplett platt machen um den rechner wieder frei zu bekommen, stimmt das?

abgesicherter modus nicht möglich,nach dem anmelden wird der rechner sofort wieder neu gestartet ._.

windows 7 64 bit

hilfe wäre ganz toll

liebe grüße

Alt 11.06.2013, 15:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


hi,

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLpe Download OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.
__________________

__________________
Alt 11.06.2013, 15:38   #3
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


danke für die schnelle antwort dann mach ich mich mal auf den weg zu einem bekannten... denn das laufwerk meines lappys ist leider kaputt ._. bis später!
__________________
Alt 11.06.2013, 15:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.06.2013, 15:50   #5
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


nachtrag: gibt es eine möglichkeit von einer externen festplatte zu booten? die hab ich noch unverpackt hier rum liegen


Alt 11.06.2013, 16:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


nein, wie soll das gehen?
Windows kann man so auch nicht auf eine externe Platte installieren
__________________
--> GVU Trojaner (abgesicherter modus geht nicht)

Alt 11.06.2013, 20:15   #7
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Deleted

Code:
ATTFilter
OTL logfile created on: 6/11/2013 10:23:11 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 195.21 Gb Total Space | 24.60 Gb Free Space | 12.60% Space Free | Partition Type: NTFS
Drive E: | 270.45 Gb Total Space | 264.17 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/28 21:51:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/14 18:19:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/13 07:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto] -- D:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013/03/15 12:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/04 13:01:47 | 002,554,472 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- D:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/25 14:44:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/25 13:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- D:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/12 18:25:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/21 21:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto] -- D:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 00:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C210(UVC)
DRV:64bit: - [2012/01/18 00:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/12 18:25:30 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/08/12 18:25:30 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 02:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/21 21:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010/10/21 21:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- D:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010/09/28 22:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/28 21:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/16 06:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 00:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/07/26 09:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 09:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 09:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lv302a64.sys -- (lvpepf64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0313_4&babsrc=HP_clro&mntrId=405aa4b5000000000000000d8881716e
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appid=337a2d17-45a2-4e94-97c9-4bfcfbbd3bf8
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 4C A0 C4 66 1C CC 01  [binary data]
IE - HKU\annagy_ON_D\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\annagy_ON_D\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - Reg Error: Key error. File not found
IE - HKU\annagy_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\annagy_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: D:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: D:\Users\annagy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: D:\Users\annagy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: D:\Users\annagy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\annagy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\annagy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/29 14:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/29 14:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/21 12:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2012/09/18 10:05:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/21 12:34:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/01/16 17:06:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@vshsolutions.com: C:\Users\annagy\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013/01/16 17:06:37 | 000,000,000 | ---D | M]
 
[2013/05/30 15:22:29 | 000,000,000 | ---D | M] (No name found) -- D:\Users\annagy\AppData\Roaming\Mozilla\Extensions
[2013/01/16 17:06:37 | 000,000,000 | ---D | M] (Special Savings) -- D:\Users\annagy\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
[2013/05/30 15:22:28 | 000,000,000 | ---D | M] (No name found) -- D:\Users\annagy\AppData\Roaming\Mozilla\Firefox\Profiles\j77jt8p5.default\extensions
[2013/05/30 15:22:28 | 000,000,000 | ---D | M] (No name found) -- D:\Users\annagy\AppData\Roaming\Mozilla\Firefox\Profiles\j77jt8p5.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2013/05/30 15:22:31 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/11 18:52:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/29 18:21:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013/01/16 17:06:09 | 000,006,522 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/06/07 12:49:49 | 000,002,495 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/08/24 09:02:46 | 000,002,157 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - D:\Program Files (x86)\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - D:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - D:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {bb184e6d-26d1-461a-9226-b93ca8da2af9} - No CLSID value found.
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\ToolBar\shdtxmltbpi.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - D:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - D:\Program Files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\ToolBar\shdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\annagy_ON_D\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - D:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\annagy_ON_D\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DATAMNGR] D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [DivX Download Manager] D:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Iminent] D:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] D:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\annagy_ON_D..\Run: [EA Core] D:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\annagy_ON_D..\Run: [FreeAC] D:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\annagy_ON_D..\Run: [KSS] D:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\annagy_ON_D..\Run: [Logitech Vid] D:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\annagy_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] D:\Users\annagy\3625145.exe (Adobe Systems Incorporated)
O4 - HKU\annagy_ON_D..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\annagy_ON_D..\Run: [VeohPlugin] D:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: D:\Users\annagy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ()
O4 - Startup: D:\Users\annagy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll) - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll) - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\annagy_ON_D Winlogon: Shell - (cmd.exe) - D:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{06c6c5bb-3c36-11e1-9041-1c6f65893c9c}\Shell - "" = AutoRun
O33 - MountPoints2\{06c6c5bb-3c36-11e1-9041-1c6f65893c9c}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/04 18:07:25 | 000,000,000 | ---D | C] -- D:\Users\annagy\Desktop\Tor Browser
[2013/06/04 18:06:43 | 027,184,454 | ---- | C] (Igor Pavlov) -- D:\Users\annagy\Desktop\tor-browser-2.3.25-8_de.exe
[2013/06/01 07:09:47 | 000,000,000 | ---D | C] -- D:\Users\annagy\Desktop\dominion
[2013/05/15 21:02:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/05/15 21:02:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/05/15 21:02:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/05/15 21:02:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/05/15 21:02:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/05/15 21:02:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/05/15 21:02:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/05/15 21:02:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/05/15 21:02:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/05/15 21:02:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/05/15 21:02:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/05/15 21:02:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/05/15 21:02:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/05/15 21:01:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/05/15 21:01:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/05/15 21:01:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/05/15 21:01:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/05/15 20:35:16 | 000,265,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 20:35:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdd.dll
[2013/05/15 20:34:43 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/05/15 20:34:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\shdocvw.dll
[2013/05/15 20:34:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/05/15 20:34:42 | 000,111,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2013/05/15 20:34:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wwanprotdim.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 14:41:15 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/06/11 14:41:12 | 000,196,608 | ---- | M] () -- D:\Windows\System32\Ikeext.etl
[2013/06/11 14:34:39 | 000,001,124 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2634919089-2357390100-837573140-1000UA.job
[2013/06/11 14:34:39 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 17:38:49 | 000,014,944 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 17:38:49 | 000,014,944 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 17:35:41 | 000,668,692 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/06/10 17:35:41 | 000,620,284 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/06/10 17:35:41 | 000,134,540 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/06/10 17:35:41 | 000,110,472 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/06/10 17:30:48 | 3219,300,352 | -HS- | M] () -- D:\hiberfil.sys
[2013/06/10 16:58:19 | 001,084,742 | ---- | M] () -- D:\ProgramData\2433f433
[2013/06/10 16:58:19 | 001,084,717 | ---- | M] () -- D:\Users\annagy\AppData\Local\2433f433
[2013/06/10 16:58:19 | 001,084,700 | ---- | M] () -- D:\Users\annagy\AppData\Roaming\2433f433
[2013/06/10 06:53:02 | 000,001,072 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2634919089-2357390100-837573140-1000Core.job
[2013/06/04 18:07:12 | 027,184,454 | ---- | M] (Igor Pavlov) -- D:\Users\annagy\Desktop\tor-browser-2.3.25-8_de.exe
[2013/06/04 14:51:33 | 000,056,103 | ---- | M] () -- D:\Users\annagy\Documents\ts3_clientui-win64-1361977727-2013-06-04 20_51_30.960417.dmp
[2013/05/31 15:56:53 | 014,943,554 | ---- | M] () -- D:\Users\annagy\Desktop\dominion_20111114.zip
[2013/05/29 20:25:13 | 000,001,340 | ---- | M] () -- D:\Users\annagy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013/05/27 03:21:04 | 002,188,045 | ---- | M] () -- D:\Users\annagy\Desktop\IMG_2170.JPG
[2013/05/27 03:20:06 | 001,569,543 | ---- | M] () -- D:\Users\annagy\Desktop\IMG_2172.JPG
[2013/05/26 13:01:36 | 000,007,010 | ---- | M] () -- D:\Users\annagy\Desktop\032opera.zip
[2013/05/26 10:24:00 | 000,049,469 | ---- | M] () -- D:\Users\annagy\Desktop\DreadSprayVR-r5.zip
[2013/05/15 21:55:51 | 002,340,640 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2013/05/14 18:19:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 18:19:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/06/10 16:58:19 | 001,084,742 | ---- | C] () -- D:\ProgramData\2433f433
[2013/06/10 16:58:19 | 001,084,717 | ---- | C] () -- D:\Users\annagy\AppData\Local\2433f433
[2013/06/10 16:58:19 | 001,084,700 | ---- | C] () -- D:\Users\annagy\AppData\Roaming\2433f433
[2013/06/04 14:51:31 | 000,056,103 | ---- | C] () -- D:\Users\annagy\Documents\ts3_clientui-win64-1361977727-2013-06-04 20_51_30.960417.dmp
[2013/06/01 07:09:35 | 009,002,119 | ---- | C] () -- D:\Users\annagy\Desktop\dominion.CAB
[2013/05/31 15:38:00 | 014,943,554 | ---- | C] () -- D:\Users\annagy\Desktop\dominion_20111114.zip
[2013/05/27 03:20:53 | 002,188,045 | ---- | C] () -- D:\Users\annagy\Desktop\IMG_2170.JPG
[2013/05/27 03:19:40 | 001,569,543 | ---- | C] () -- D:\Users\annagy\Desktop\IMG_2172.JPG
[2013/05/26 13:01:36 | 000,007,010 | ---- | C] () -- D:\Users\annagy\Desktop\032opera.zip
[2013/05/26 10:23:59 | 000,049,469 | ---- | C] () -- D:\Users\annagy\Desktop\DreadSprayVR-r5.zip
[2012/12/02 20:32:45 | 000,000,000 | ---- | C] () -- D:\ProgramData\rR1H700.dat
[2012/12/02 20:32:31 | 000,000,001 | ---- | C] () -- D:\ProgramData\qi2rvj58.exe_.b
[2012/12/02 20:32:31 | 000,000,001 | ---- | C] () -- D:\ProgramData\qi2rvj58.exe.b
[2012/08/14 15:33:35 | 000,889,510 | ---- | C] () -- D:\Users\annagy\AppData\Local\census.cache
[2012/08/14 15:33:04 | 000,112,832 | ---- | C] () -- D:\Users\annagy\AppData\Local\ars.cache
[2012/08/14 12:12:12 | 000,000,036 | ---- | C] () -- D:\Users\annagy\AppData\Local\housecall.guid.cache
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- D:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- D:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- D:\Windows\SysWow64\LogiDPPApp.exe
[2011/06/06 19:42:10 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/21 12:31:52 | 000,182,945 | ---- | C] () -- D:\Windows\hpoins38.dat
[2011/03/21 12:31:52 | 000,000,548 | ---- | C] () -- D:\Windows\hpomdl38.dat
[2011/01/19 19:19:04 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/01/19 19:16:32 | 000,002,857 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2011/01/19 12:35:37 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2013/04/04 08:24:52 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2013/01/16 17:06:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/04/21 08:14:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2011/06/15 05:29:17 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2013/01/16 17:06:31 | 000,000,000 | ---D | M] -- D:\ProgramData\BrowserProtect
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/08/08 13:24:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Easybits GO
[2011/11/28 16:09:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2013/06/10 17:10:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Giraffic
[2013/01/16 17:06:39 | 000,000,000 | ---D | M] -- D:\ProgramData\IBUpdaterService
[2012/09/18 10:05:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Iminent
[2012/06/13 10:52:52 | 000,000,000 | ---D | M] -- D:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/09/18 10:04:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/01/11 06:02:23 | 000,000,000 | ---D | M] -- D:\ProgramData\TP-LINK
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/05/09 06:52:02 | 000,000,000 | ---D | M] -- D:\ProgramData\WarThunder
[2011/01/20 05:40:06 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip
[2011/06/07 07:25:19 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/08/31 06:22:58 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
hoffe das passt

hmmm
Geändert von zucker87 (11.06.2013 um 20:58 Uhr)

Alt 11.06.2013, 22:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
O4 - HKU\annagy_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] D:\Users\annagy\3625145.exe (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013/06/10 16:58:19 | 001,084,742 | ---- | M] () -- D:\ProgramData\2433f433
[2013/06/10 16:58:19 | 001,084,717 | ---- | M] () -- D:\Users\annagy\AppData\Local\2433f433
[2013/06/10 16:58:19 | 001,084,700 | ---- | M] () -- D:\Users\annagy\AppData\Roaming\2433f433
[2012/12/02 20:32:45 | 000,000,000 | ---- | C] () -- D:\ProgramData\rR1H700.dat
[2012/12/02 20:32:31 | 000,000,001 | ---- | C] () -- D:\ProgramData\qi2rvj58.exe_.b
[2012/12/02 20:32:31 | 000,000,001 | ---- | C] () -- D:\ProgramData\qi2rvj58.exe.b
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.06.2013, 23:50   #9
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


hey, danke schonmal

hier der code

Code:
ATTFilter
========== OTL ==========
Registry key HKEY_USERS\annagy_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File D:\Users\annagy\3625145.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll deleted successfully.
File D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll not found.
File D:\ProgramData\2433f433 not found.
File D:\Users\annagy\AppData\Local\2433f433 not found.
File D:\Users\annagy\AppData\Roaming\2433f433 not found.
File D:\ProgramData\rR1H700.dat not found.
File D:\ProgramData\qi2rvj58.exe_.b not found.
File D:\ProgramData\qi2rvj58.exe.b not found.
========== COMMANDS ==========
D:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06122013_024405
wenn ich meinen rechner neu starte luft windows leider nicht wieder, im hintergrund noch dieser gelbliche screen von dieser "gvu" seite und cmd. exe ist geöffnet mit folgender meldung:

"Der befehl "C:\users\annagy\3625145.exe"" ist entweder falsch geschrieben oder konnte nicht gefunden werden."


oO

Alt 12.06.2013, 08:35   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Mach bitte ein neues OTLPE-Log
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.06.2013, 10:14   #11
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Code:
ATTFilter
OTL logfile created on: 6/12/2013 2:09:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 195.21 Gb Total Space | 24.53 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive E: | 270.45 Gb Total Space | 264.17 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive F: | 488.34 Mb Total Space | 117.92 Mb Free Space | 24.15% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/28 21:51:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/14 18:19:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/13 07:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto] -- D:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013/03/15 12:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/04 13:01:47 | 002,554,472 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- D:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/25 14:44:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/25 13:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- D:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/12 18:25:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/21 21:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto] -- D:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 00:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C210(UVC)
DRV:64bit: - [2012/01/18 00:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/12 18:25:30 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/08/12 18:25:30 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 02:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/21 21:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010/10/21 21:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- D:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010/09/28 22:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/28 21:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/16 06:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 00:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/07/26 09:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 09:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 09:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lv302a64.sys -- (lvpepf64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0313_4&babsrc=HP_clro&mntrId=405aa4b5000000000000000d8881716e
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appid=337a2d17-45a2-4e94-97c9-4bfcfbbd3bf8
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\annagy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 4C A0 C4 66 1C CC 01  [binary data]
IE - HKU\annagy_ON_D\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\annagy_ON_D\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - Reg Error: Key error. File not found
IE - HKU\annagy_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\annagy_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: D:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: D:\Users\annagy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: D:\Users\annagy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: D:\Users\annagy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\annagy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\annagy\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/29 14:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/29 14:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/21 12:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2012/09/18 10:05:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/21 12:34:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/01/16 17:06:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@vshsolutions.com: C:\Users\annagy\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013/01/16 17:06:37 | 000,000,000 | ---D | M]
 
[2013/05/30 15:22:29 | 000,000,000 | ---D | M] (No name found) -- D:\Users\annagy\AppData\Roaming\Mozilla\Extensions
[2013/01/16 17:06:37 | 000,000,000 | ---D | M] (Special Savings) -- D:\Users\annagy\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
[2013/05/30 15:22:28 | 000,000,000 | ---D | M] (No name found) -- D:\Users\annagy\AppData\Roaming\Mozilla\Firefox\Profiles\j77jt8p5.default\extensions
[2013/05/30 15:22:28 | 000,000,000 | ---D | M] (No name found) -- D:\Users\annagy\AppData\Roaming\Mozilla\Firefox\Profiles\j77jt8p5.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2013/05/30 15:22:31 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/11 18:52:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/29 18:21:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013/01/16 17:06:09 | 000,006,522 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/06/07 12:49:49 | 000,002,495 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/08/24 09:02:46 | 000,002,157 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
 
O1 HOSTS File: ([2013/06/12 02:44:06 | 000,000,098 | ---- | M]) - D:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - D:\Program Files (x86)\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - D:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - D:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {bb184e6d-26d1-461a-9226-b93ca8da2af9} - No CLSID value found.
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\ToolBar\shdtxmltbpi.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - D:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - D:\Program Files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\ToolBar\shdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\annagy_ON_D\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - D:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\annagy_ON_D\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DATAMNGR] D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [DivX Download Manager] D:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Iminent] D:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] D:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\annagy_ON_D..\Run: [EA Core] D:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\annagy_ON_D..\Run: [FreeAC] D:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\annagy_ON_D..\Run: [KSS] D:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\annagy_ON_D..\Run: [Logitech Vid] D:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\annagy_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx]  File not found
O4 - HKU\annagy_ON_D..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\annagy_ON_D..\Run: [VeohPlugin] D:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: D:\Users\annagy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ()
O4 - Startup: D:\Users\annagy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll) - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll) - D:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\annagy_ON_D Winlogon: Shell - (cmd.exe) - D:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{06c6c5bb-3c36-11e1-9041-1c6f65893c9c}\Shell - "" = AutoRun
O33 - MountPoints2\{06c6c5bb-3c36-11e1-9041-1c6f65893c9c}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/04 18:07:25 | 000,000,000 | ---D | C] -- D:\Users\annagy\Desktop\Tor Browser
[2013/06/04 18:06:43 | 027,184,454 | ---- | C] (Igor Pavlov) -- D:\Users\annagy\Desktop\tor-browser-2.3.25-8_de.exe
[2013/06/01 07:09:47 | 000,000,000 | ---D | C] -- D:\Users\annagy\Desktop\dominion
[2013/05/15 21:02:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/05/15 21:02:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/05/15 21:02:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/05/15 21:02:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/05/15 21:02:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/05/15 21:02:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/05/15 21:02:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/05/15 21:02:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/05/15 21:02:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/05/15 21:02:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/05/15 21:02:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/05/15 21:02:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/05/15 21:02:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/05/15 21:01:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/05/15 21:01:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/05/15 21:01:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/05/15 21:01:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/05/15 20:35:16 | 000,265,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 20:35:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdd.dll
[2013/05/15 20:34:43 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/05/15 20:34:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\shdocvw.dll
[2013/05/15 20:34:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/05/15 20:34:42 | 000,111,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2013/05/15 20:34:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wwanprotdim.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/12 02:44:06 | 000,000,098 | ---- | M] () -- D:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:53:49 | 000,014,944 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 20:53:49 | 000,014,944 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 20:53:11 | 000,001,124 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2634919089-2357390100-837573140-1000UA.job
[2013/06/11 20:50:39 | 000,668,692 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/06/11 20:50:39 | 000,620,284 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/06/11 20:50:39 | 000,134,540 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/06/11 20:50:39 | 000,110,472 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/06/11 20:46:28 | 000,065,536 | ---- | M] () -- D:\Windows\System32\Ikeext.etl
[2013/06/11 20:46:26 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/06/11 20:45:59 | 3219,300,352 | -HS- | M] () -- D:\hiberfil.sys
[2013/06/11 14:34:39 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 06:53:02 | 000,001,072 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2634919089-2357390100-837573140-1000Core.job
[2013/06/04 18:07:12 | 027,184,454 | ---- | M] (Igor Pavlov) -- D:\Users\annagy\Desktop\tor-browser-2.3.25-8_de.exe
[2013/06/04 14:51:33 | 000,056,103 | ---- | M] () -- D:\Users\annagy\Documents\ts3_clientui-win64-1361977727-2013-06-04 20_51_30.960417.dmp
[2013/05/31 15:56:53 | 014,943,554 | ---- | M] () -- D:\Users\annagy\Desktop\dominion_20111114.zip
[2013/05/29 20:25:13 | 000,001,340 | ---- | M] () -- D:\Users\annagy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013/05/27 03:21:04 | 002,188,045 | ---- | M] () -- D:\Users\annagy\Desktop\IMG_2170.JPG
[2013/05/27 03:20:06 | 001,569,543 | ---- | M] () -- D:\Users\annagy\Desktop\IMG_2172.JPG
[2013/05/26 13:01:36 | 000,007,010 | ---- | M] () -- D:\Users\annagy\Desktop\032opera.zip
[2013/05/26 10:24:00 | 000,049,469 | ---- | M] () -- D:\Users\annagy\Desktop\DreadSprayVR-r5.zip
[2013/05/15 21:55:51 | 002,340,640 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2013/05/14 18:19:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 18:19:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/06/04 14:51:31 | 000,056,103 | ---- | C] () -- D:\Users\annagy\Documents\ts3_clientui-win64-1361977727-2013-06-04 20_51_30.960417.dmp
[2013/06/01 07:09:35 | 009,002,119 | ---- | C] () -- D:\Users\annagy\Desktop\dominion.CAB
[2013/05/31 15:38:00 | 014,943,554 | ---- | C] () -- D:\Users\annagy\Desktop\dominion_20111114.zip
[2013/05/27 03:20:53 | 002,188,045 | ---- | C] () -- D:\Users\annagy\Desktop\IMG_2170.JPG
[2013/05/27 03:19:40 | 001,569,543 | ---- | C] () -- D:\Users\annagy\Desktop\IMG_2172.JPG
[2013/05/26 13:01:36 | 000,007,010 | ---- | C] () -- D:\Users\annagy\Desktop\032opera.zip
[2013/05/26 10:23:59 | 000,049,469 | ---- | C] () -- D:\Users\annagy\Desktop\DreadSprayVR-r5.zip
[2012/08/14 15:33:35 | 000,889,510 | ---- | C] () -- D:\Users\annagy\AppData\Local\census.cache
[2012/08/14 15:33:04 | 000,112,832 | ---- | C] () -- D:\Users\annagy\AppData\Local\ars.cache
[2012/08/14 12:12:12 | 000,000,036 | ---- | C] () -- D:\Users\annagy\AppData\Local\housecall.guid.cache
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- D:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- D:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- D:\Windows\SysWow64\LogiDPPApp.exe
[2011/06/06 19:42:10 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/21 12:31:52 | 000,182,945 | ---- | C] () -- D:\Windows\hpoins38.dat
[2011/03/21 12:31:52 | 000,000,548 | ---- | C] () -- D:\Windows\hpomdl38.dat
[2011/01/19 19:19:04 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/01/19 19:16:32 | 000,002,857 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2011/01/19 12:35:37 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2013/04/04 08:24:52 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2013/01/16 17:06:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/04/21 08:14:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2011/06/15 05:29:17 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2013/01/16 17:06:31 | 000,000,000 | ---D | M] -- D:\ProgramData\BrowserProtect
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/08/08 13:24:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Easybits GO
[2011/11/28 16:09:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2013/06/10 17:10:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Giraffic
[2013/01/16 17:06:39 | 000,000,000 | ---D | M] -- D:\ProgramData\IBUpdaterService
[2012/09/18 10:05:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Iminent
[2012/06/13 10:52:52 | 000,000,000 | ---D | M] -- D:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/09/18 10:04:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/01/11 06:02:23 | 000,000,000 | ---D | M] -- D:\ProgramData\TP-LINK
[2011/01/19 11:51:23 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/05/09 06:52:02 | 000,000,000 | ---D | M] -- D:\ProgramData\WarThunder
[2011/01/20 05:40:06 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip
[2011/06/07 07:25:19 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/08/31 06:22:58 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Alt 12.06.2013, 11:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Neuer Fix:

Code:
ATTFilter
:OTL
O4 - HKU\annagy_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx]
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll)
:Files
c:\progra~3\browse~1
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.06.2013, 11:38   #13
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Code:
ATTFilter
========== OTL ==========
Registry key HKEY_USERS\annagy_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File  not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll deleted successfully.
File pInit_DLLs: not found.
========== FILES ==========
File\Folder c:\progra~3\browse~1 not found.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06122013_153458

Alt 12.06.2013, 11:51   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


Fährt Windows wieder normal bzw zumindest im abgesicherten Modus?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.06.2013, 11:59   #15
zucker87
 
GVU Trojaner (abgesicherter modus geht nicht) - Standard

GVU Trojaner (abgesicherter modus geht nicht)


nein, kommt wieder die meldung in cmd
"der befehl c\users\annagy\3625145.exe ist entweder falsch geschrieben oder konnte nicht gefunden werden

c\windows\system32

edit: beim abgesicherten modus kommt die cmd auch mit der gleichen meldungm im hintergrund schwarzer bildschirm und in den ecken steht in weiss abgesicherter modus, passiert aber sonst nichts.
Geändert von zucker87 (12.06.2013 um 12:05 Uhr)

Antwort
Seite 1 von 3 1 23

Themen zu GVU Trojaner (abgesicherter modus geht nicht)
abend, abgesicherte, abgesicherten, abgesicherter, abgesicherter modus, anmelden, bka trojaner entfernen, entferne, entfernen, gestartet, gestern, komplett, melde, melden, modus, neu, nicht möglich, ohne abgesicherten modus, platt, rechner, sofort, troja, trojaner, trojaner virus, video, virus, windows, youtube


« Tuguu VAF-Player Malware eingefangen, seitdem Warnmeldungen (svchost) | GVU-Trojaner: Wie beseitige ich eventuell vorhandene "Reste" und wie gehe ich mit den "Folgen" um ? »


Ähnliche Themen: GVU Trojaner (abgesicherter modus geht nicht)


  1. Interpol Trojaner auf Windows 7 64 bit Rechner, Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 29.05.2014 (8)
  2. GVU-Trojaner abgesicherter Modus in Win 7 geht nicht
    Plagegeister aller Art und deren Bekämpfung - 01.05.2014 (13)
  3. GVU Trojaner WinXP Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 26.11.2013 (7)
  4. gvu trojaner - abgesicherter modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (2)
  5. Windows 7 Trojaner Interpol Blockierter Pc Abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (5)
  6. GVU Trojaner - Kein abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (3)
  7. Windows XP: GVU Trojaner, abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (3)
  8. GVU Trojaner - Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 27.07.2013 (15)
  9. GVU Trojaner Windows Vista business- Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 22.07.2013 (5)
  10. GVU Trojaner - Abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (13)
  11. GVU-Trojaner Win7 32Bit (Abgesicherter Modus geht nicht)
    Plagegeister aller Art und deren Bekämpfung - 17.06.2013 (49)
  12. GVU Trojaner abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 30.05.2013 (5)
  13. GVU-Trojaner blockt PC - abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (7)
  14. GVU Trojaner - F8 abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (4)
  15. GVU Trojaner blockiert Win7 Laptop - abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 30.01.2013 (15)
  16. Bundespolizei-Trojaner: Abgesicherter Modus geht nicht mehr
    Log-Analyse und Auswertung - 05.12.2012 (8)
  17. (2x) 50 Euro BKA Trojaner, Win XP, abgesicherter Modus geht auch nicht mehr
    Mülltonne - 16.03.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner (abgesicherter modus geht nicht) - Hallo, habe gestern abend den gvu trojaner auf meinen pc bekommen... laut dem yt video "GVU Trojaner Virus und BKA Trojaner entfernen 2013 ( Ohne Abgesicherten Modus )" von alex - GVU Trojaner (abgesicherter modus geht nicht)...
Archiv
Du betrachtest: GVU Trojaner (abgesicherter modus geht nicht) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129